[Cialug] denyhosts logging LOTS of attacks

Tim Wilson tim_linux at wilson-home.com
Tue May 13 13:57:03 CDT 2008


That's what I thought, until I got hacked 6 years ago.  Granted, I did have
an older ssh, but at the time, it wasn't that old.  Now, at the firewall
level I only allow a certain range of IP addresses access to port 22.  Since
I rarely ssh in from anywhere but home and work, I set it up to allow those
addresses.  If I do need access from another machine, I can always open it
up temporarily.  If I do, I turn on logging so everything gets logged.

The most important thing to remember:  They aren't necessarily targeting
you, they are targeting a computer.  They don't know or care who owns the
computer, it is just a target for them.  That's all they care about.

On Tue, May 13, 2008 at 1:38 PM, Daniel A. Ramaley <daniel.ramaley at drake.edu>
wrote:

> On Tuesday 13 May 2008 12:53, Josh More wrote:
> > All you're doing is reducing traffic (not a
> > bad thing, really) and reducing your log volume.
>
> If you reduce your log volume it will make the more advanced and
> worrisome attacks easier to spot since there will be less noise.
>
> Personally, i run ssh on the standard port 22. But only because i'm too
> lazy to redo my firewall configuration to let in something else. (I
> don't like futzing with the firewall.) I do, however, have ssh locked
> down in all the other ways, and i keep up with security updates to it.
> I think it pretty unlikely i'll get cracked via ssh. But, if i ever get
> around to it, i'll definitely change the port just so my logs aren't
> filled up with all the noise from the dictionary attacks. Have those
> *ever* worked? I've not personally encountered a system so insecure a
> dictionary attack would work against it...
>
> ------------------------------------------------------------------------
> Dan Ramaley                            Dial Center 118, Drake University
> Network Programmer/Analyst             2407 Carpenter Ave
> +1 515 271-4540                        Des Moines IA 50311 USA
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>



-- 
Tim
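
The setup described in the message above (port 22 reachable only from known addresses, plus a temporary exception that is logged), sketched as an added example that is not part of the original post. It assumes iptables on Linux; the addresses are constructed from the RFC 5737 documentation ranges, and the chain name SSH_IN and the log prefix are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that limits SSH (tcp/22)
# to an allowlist, with an optional logged temporary exception.

# Constructed placeholder ranges standing in for "home" and "work".
ALLOWED="192.0.2.0/24 198.51.100.17/32"

# ssh_ruleset [TEMP_ADDR]
# Without an argument only the allowlist can open SSH connections.
# With TEMP_ADDR, new connections from that address are logged, then accepted.
ssh_ruleset() {
    temp_addr="${1:-}"
    printf '%s\n' "*filter"
    printf '%s\n' ":SSH_IN - [0:0]"
    # Packets of sessions that were already accepted pass straight through.
    printf '%s\n' "-A INPUT -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Every new SSH connection attempt is judged in the SSH_IN chain.
    printf '%s\n' "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_IN"
    for net in $ALLOWED; do
        printf '%s\n' "-A SSH_IN -s $net -j ACCEPT"
    done
    if [ -n "$temp_addr" ]; then
        # LOG does not terminate rule processing, so the ACCEPT must follow it.
        printf '%s\n' "-A SSH_IN -s $temp_addr -j LOG --log-prefix \"ssh-temp: \""
        printf '%s\n' "-A SSH_IN -s $temp_addr -j ACCEPT"
    fi
    # Anything else is dropped before it reaches sshd, so it never shows up
    # as a failed login in the auth log.
    printf '%s\n' "-A SSH_IN -j DROP"
    printf '%s\n' "COMMIT"
}

# Print the ruleset for review; an optional first argument is the temporary address.
ssh_ruleset "$@"
```

The output can be checked with `iptables-restore --test` before it is loaded; calling the function again without an argument produces the ruleset with the temporary exception removed.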