[Dshield] SSH Bots

lucy@lucindrea.com lucy at lucindrea.com
Tue Mar 7 16:03:31 GMT 2006

Well, speaking of ssh and shared keys... anyone know of some good docs on
setting up private/shared keys on Linux/RH/Fedora/etc.?

> list-bounces at lists.dshield.org wrote on 03/07/2006 04:58:16 AM:
>> On 3/6/06, lucy at lucindrea.com <lucy at lucindrea.com> wrote:
>> >
>> > 1. switch the port that ssh works on from 22 to something odd like 678 or
>> > something. (not the best solution, but it does work)
>> It works like a charm.  Unfortunately it brings the "security by
>> obscurity" trolls out of the woodwork.
> Or install something like denyhosts (denyhosts.sourceforge.net) to block
> out the offending IPs. I installed it on one of our Internet facing
> servers a little less than a year ago and so far it has blocked out ~250
> IPs.  The newer version will block out IPs for a designated period of time
> and then remove them.  Pretty slick!
> On my home machine I run ssh on a non-standard port (I don't use ports
> below 1024 because they periodically get probes), I also run denyhosts on
> that machine.  I have not had one ssh brute force attempt in over two
> years.  It is the low hanging fruit approach.  There are more than enough
> ssh servers on the Internet on port 22, why go looking for non-standard
> ones.  Security by obscurity should not be your only security, but it
> doesn't hurt to supplement other security measures.
> Rick
> Any resemblance to a troll is purely circumstantial.

Time to revamp Kindergarten

1. Sharing is ILLEGAL
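
An added illustration (not part of the original thread, and not DenyHosts' own code) of the time-limited blocking described in the quoted reply: count failed sshd logins per source IP and block an IP for a fixed period once it reaches a threshold. The log lines, the threshold of 3, the 24-hour period and the function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Mar  7 04:50:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4021 ssh2
Mar  7 04:50:03 host sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Mar  7 04:50:05 host sshd[103]: Failed password for invalid user test from 192.0.2.10 port 4023 ssh2
Mar  7 04:51:00 host sshd[104]: Failed password for rick from 198.51.100.7 port 5100 ssh2
Mar  7 04:51:30 host sshd[105]: Accepted publickey for rick from 198.51.100.7 port 5101 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def parse_failures(log_text, year=2006):
    """Yield (timestamp, ip) for each failed password attempt."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog lines omit the year, so the caller supplies it (assumption)
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def build_blocks(log_text, threshold=3, block_for=timedelta(hours=24)):
    """Return {ip: block_expiry} for IPs that reach `threshold` failures."""
    counts, blocks = {}, {}
    for ts, ip in parse_failures(log_text):
        counts[ip] = counts.get(ip, 0) + 1
        if counts[ip] >= threshold:
            # every further failure pushes the expiry out again
            blocks[ip] = ts + block_for
    return blocks

def blocked_at(blocks, when):
    """IPs still blocked at `when`; expired entries drop out of the result."""
    return sorted(ip for ip, expiry in blocks.items() if when < expiry)
```

A single mistyped password from 198.51.100.7 stays under the threshold, so only the repeat offender is blocked, and it is released once the period has passed.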
