On Thu, May 15, 2008 at 9:47 AM, Bob King <[EMAIL PROTECTED]> wrote:
> According to the Information Week article:
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=207603339
> One of the more interesting bits was that the attacks are shifting to a more
> distributed model to avoid detection by IDS/IPS systems, using botnets.
> Many distros come with ssh installed by default, and often with root access
> allowed by default. I always thought that disabling root access via ssh is a
> good idea, but reading this I would assume it would be a good idea to just
> deactivate password access via ssh altogether and limit access to systems
> with keys known to the host. Moving the sshd to a non-standard port would be
> another move, but would that stop more than the most basic tools?
> I would be interested in hearing recommendations from other folks on the
> list.

sshguard is a nice tool. It monitors syslog and automatically adds iptables rules to drop packets from the source of an arbitrary number of incorrect logins.

http://sshguard.sourceforge.net/

Note, many of the installers don't set some things up, and require manual configuration. See:

http://sshguard.sourceforge.net/doc/setup/setup.html

Specifically, the section in

http://sshguard.sourceforge.net/doc/setup/blockingiptables.html

as they show the commands, but at least the Ubuntu package doesn't actually add those rules to any of the rc startup files. :-D

--
-- Thomas
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
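
A check for the two sshd settings raised in the quoted message (root login and password authentication), as an added example that is not part of the original thread. The function names and the sample configuration are constructed for illustration; it relies on sshd using the first value it finds for each keyword.

```sh
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# effective_value FILE KEYWORD
# Prints the value of KEYWORD in FILE's global section, lowercased: keywords
# are case-insensitive, the first occurrence wins, "Keyword=value" is split
# too, and reading stops at the first Match block. Prints "unset" if absent.
effective_value() {
    awk -v want="$2" '
        BEGIN { FS = "[ \t=]+"; want = tolower(want); val = "unset" }
        { sub(/^[ \t]+/, "") }            # strip indentation, re-split fields
        /^#/ || /^$/ { next }             # skip comments and blank lines
        tolower($1) == "match" { exit }   # conditional blocks are out of scope
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: prints one FAIL line per finding; returns 0 only if
# both settings are explicitly "no" (an unset keyword is flagged as well).
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(effective_value "$1" "$kw")
        if [ "$v" != "no" ]; then
            echo "FAIL $kw=$v (want: no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a commented-out directive, a lowercase duplicate that
# wins because it comes first, and an override hidden inside a Match block.
sample_config() { cat <<'EOF'
# PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication=no
Match User backup
    PasswordAuthentication yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "sshd_config needs attention"
rm -f "$tmp"
```

Match blocks can re-enable either setting for specific users or hosts, and keyboard-interactive authentication through PAM can still prompt for passwords, so review those separately. On a live host, `sshd -T` prints the effective configuration.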