[Cialug] denyhosts logging LOTS of attacks
Josh More
morej at alliancetechnologies.net
Tue May 13 12:22:53 CDT 2008
True, but it doesn't improve security, it just reduces the number of
random stumblers.
I suggest disabling remote SSH login for root and locking down SSH to
version 2 and key-based access only. I also run DenyHosts to limit the
traffic.
-Josh More, RHCE, CISSP, NCLP, GIAC
morej at alliancetechnologies.net
515-245-7701
>>> "Dave Crouse" <crouse at usalug.net> 05/13/08 12:16 PM >>>
I never run ssh on the standard port 22 anymore..... changing the port
number alone will significantly reduce the number of logged attacks.
Dave Crouse
On Tue, May 13, 2008 at 11:49 AM, Kendall Bailey <krbailey at gmail.com>
wrote:
> I run an SSH server on port 22 as my only public service. I run the
> denyhosts daemon to protect against dictionary attacks and lock down
> SSH pretty thoroughly in other regards, but still allow connection
> from any host otherwise. The last few days I've seen hundreds of
> hosts logged by denyhosts. Anyone know why random dictionary attacks
> might be spiking? Is it widespread? I'm considering closing that
> port for a while.
>
> Thanks.
> Kendall
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
More information about the Cialug
mailing list