[Dshield] SSH Bots
lucy at lucindrea.com
Tue Mar 7 16:03:31 GMT 2006
well speaking of ssh and shared keys .. anyone know of some good docs on
setting up private/shared keys on linux/RH/fedora/etc
> list-bounces at lists.dshield.org wrote on 03/07/2006 04:58:16 AM:
>> On 3/6/06, lucy at lucindrea.com <lucy at lucindrea.com> wrote:
>> > 1. switch the port hat ssh works on from 22 to somthing odd like 678
>> > somthing.( not the best soultion , but it does work )
>> It works like a charm. Unfortunately it brings the "security by
>> obscurity" trolls out of the woodwork.
> Or install something like denyhosts (denyhosts.sourceforge.net) to block
> out the offending IPs. I installed it on one of our Internet facing
> servers a little less than a year ago and so far it has blocked out ~250
> IPs. The newer version will block out IPs for a designated period of time
> and then remove them. Pretty slick!
> On my home machine I run ssh on a non-standard port (I don't use ports
> below 1024 because they periodically get probes), I also run denyhosts on
> that machine. I have not had one ssh brute force attempt in over two
> years. It is the low hanging fruit approach. There are more than enough
> ssh servers on the Internet on port 22, why go looking for non-standard
> ones. Security by obscurity should not be your only security, but it
> doesn't hurt to supplement other security measures.
> Any resemblance to a troll is purely circumstantial.
> NOTICE: This confidential e-mail message is only for the intended
> recipient(s). If you are not the intended recipient, be advised that
> disclosing, copying, distributing, or any other use of this message, is
> strictly prohibited. In such case, please destroy this message and notify
> the sender.
> Learn about Intrusion Detection in Depth from the comfort of your own
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
Time to revamp Kindergarten
1. Sharing is ILLEGAL
More information about the list