[Dshield] SSH Bots

lucy@lucindrea.com lucy at lucindrea.com
Tue Mar 7 16:03:31 GMT 2006


well speaking of ssh and shared keys .. anyone know of some good docs on
setting up private/shared keys on linux/RH/fedora/etc

> list-bounces at lists.dshield.org wrote on 03/07/2006 04:58:16 AM:
>
>> On 3/6/06, lucy at lucindrea.com <lucy at lucindrea.com> wrote:
>> >
>> > 1. switch the port hat ssh works on from 22 to somthing odd like 678
> or
>> > somthing.( not the best soultion , but it does work )
>>
>> It works like a charm.  Unfortunately it brings the "security by
>> obscurity" trolls out of the woodwork.
>>
> Or install something like denyhosts (denyhosts.sourceforge.net) to block
> out the offending IPs. I installed it on one of our Internet facing
> servers a little less than a year ago and so far it has blocked out ~250
> IPs.  The newer version will block out IPs for a designated period of time
> and then remove them.  Pretty slick!
>
> On my home machine I run ssh on a non-standard port (I don't use ports
> below 1024 because they periodically get probes), I also run denyhosts on
> that machine.  I have not had one ssh brute force attempt in over two
> years.  It is the low hanging fruit approach.  There are more than enough
> ssh servers on the Internet on port 22, why go looking for non-standard
> ones.  Security by obscurity should not be your only security, but it
> doesn't hurt to supplement other security measures.
>
> Rick
> Any resemblance to a troll is purely circumstantial.
>
>
>
> NOTICE:  This confidential e-mail message is only for the intended
> recipient(s). If you are not the intended recipient, be advised that
> disclosing, copying, distributing, or any other use of this message, is
> strictly prohibited. In such case, please destroy this message and notify
> the sender.
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>


-- 
Time to revamp Kindergarten

1. Sharing is ILLEGAL


More information about the list mailing list