Sean Miller wrote:
> I run all my sshd servers (on the www) on 23432.
>
> Easy to remember but not the first place the hackers look.

Hello, Sean. They will now ;-)

> So I think it's definitely worth doing... but if you're on a home
> network and have a router and need port 22 for your local access why not
> use the router to transform?

He could run "firestarter" and configure the kernel's IPTABLES to do the job. No need to do it on an external router. Only allow port 22 in from the network the 'Tomboy' is on (or only the IP of the Tomboy itself).

Dave Walker suggested using "fail2ban" on port 22 when exposed to the internet, and that's good advice. However, "fail2ban" is intended to protect against 'brute-force' attacks by botnets. It will allow five login attempts (a configurable threshold) before setting the kernel IPTABLES to drop packets from the attacker. By default, the IP will be reinstated after 10 mins (configurable).

I think he needs to block port 22 permanently, except to permit access from the "Tomboy".

Trying to protect ports by obfuscation is doomed to failure. Some botnets scan all available ports looking for signatures of anything!

Tony.
--
Dr. A.J.Travis,                  | mailto:[EMAIL PROTECTED]
Rowett Research Institute,       | http://www.rri.sari.ac.uk/~ajt
Greenburn Road, Bucksburn,       | phone:+44 (0)1224 712751
Aberdeen AB21 9SB, Scotland, UK. | fax:+44 (0)1224 716687

--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.kubuntu.org/UKTeam/
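
Added example, not part of the original message: a check that port 22 really is limited to one host, which depends on rule order because the first matching iptables rule wins. It reads `iptables -S INPUT` output on stdin; the function name, the sample rule dumps and the address 192.0.2.10 (standing in for the one trusted host) are constructed for illustration.

```shell
# Added example (not from the original post). Classifies how tcp/22 is
# filtered in `iptables -S INPUT` output, honouring first-match-wins order.
# Only rules naming "--dport 22" are examined; policy and jumps are ignored.
check_ssh_rules() {
    awk -v allowed="$1" '
    $1 == "-A" && $2 == "INPUT" {
        src = ""; proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (proto != "tcp" || dport != "22") next
        if (target == "ACCEPT" && src != allowed) { verdict = "OPEN"; exit }
        if (target == "ACCEPT") allow_seen = 1
        if ((target == "DROP" || target == "REJECT") && src == "") {
            verdict = allow_seen ? "RESTRICTED" : "CLOSED"; exit
        }
    }
    END { print (verdict == "" ? "UNDECIDED" : verdict) }'
}
# Constructed dump: allow the trusted host, then drop everyone else.
sample_restricted() {
    cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
EOF
}
# Constructed dump: an unrestricted ACCEPT comes first, so the DROP never fires.
sample_open() {
    cat <<'EOF'
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
EOF
}
# Constructed dump: only one banned source is dropped; nothing closes the port.
sample_ban_only() {
    cat <<'EOF'
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j DROP
EOF
}
for s in sample_restricted sample_open sample_ban_only; do
    printf '%s: %s\n' "$s" "$($s | check_ssh_rules 192.0.2.10/32)"
done
```

On a live host the input would come from `iptables -S INPUT` run as root; an UNDECIDED result means the outcome rests on the chain policy or on rules this check does not read.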