[Dshield] SSH Bots
Rick.Wanner at sasktel.sk.ca
Tue Mar 7 14:54:59 GMT 2006
list-bounces at lists.dshield.org wrote on 03/07/2006 04:58:16 AM:
> On 3/6/06, lucy at lucindrea.com <lucy at lucindrea.com> wrote:
> > 1. switch the port hat ssh works on from 22 to somthing odd like 678
> > somthing.( not the best soultion , but it does work )
> It works like a charm. Unfortunately it brings the "security by
> obscurity" trolls out of the woodwork.
Or install something like denyhosts (denyhosts.sourceforge.net) to block
out the offending IPs. I installed it on one of our Internet facing
servers a little less than a year ago and so far it has blocked out ~250
IPs. The newer version will block out IPs for a designated period of time
and then remove them. Pretty slick!
On my home machine I run ssh on a non-standard port (I don't use ports
below 1024 because they periodically get probes), I also run denyhosts on
that machine. I have not had one ssh brute force attempt in over two
years. It is the low hanging fruit approach. There are more than enough
ssh servers on the Internet on port 22, why go looking for non-standard
ones. Security by obscurity should not be your only security, but it
doesn't hurt to supplement other security measures.
Any resemblance to a troll is purely circumstantial.
NOTICE: This confidential e-mail message is only for the intended
recipient(s). If you are not the intended recipient, be advised that
disclosing, copying, distributing, or any other use of this message, is
strictly prohibited. In such case, please destroy this message and notify
More information about the list