[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: need help with openssh attack

I guess I already pointed out everything. I added the updating part to it.

* Use private not public keys with strong passwords
* Do not allow root login to the SSH server
* Don't use the default port 22 but choose one of the high order ports
* Use a port knocker to hide your SSH port (install and configure: knockd)
* Configure your iptables to allow only certain addressees (only if you connect from static places for example your work or home)
* Also configure your /etc/hosts.deny and /etc/hosts.allow for sshd
* Use fail2ban to defend yourself from bruteforce attacks
* Use fwsnort to have SNORT rules in your iptables which will protect you against exploits for example. You do need to configure this: fwsnort --update-rules && fwsnort
Then run the sh script in /etc/fwsnort and save your iptables with for example: iptables-persistent
* Use and configure PSAD for port scan protection
* Only allow certain users to connect to the SSH deamon
* Perform regular security and system updates


On Thu, Dec 29, 2011 at 16:37, Nicolas Carusso <ncarusso@hotmail.com> wrote:
How about creating a Referense list with all the suggestions that we are doing?
If all of you agree, Let's start now.

SECURITY LIST
******************

1. SSH. Deny root access setting "no" in PermitRootLogin option in sshd_config file
2. SSH. Change default port
3. OS Update. Keep debian Updated.
4....


> Date: Thu, 29 Dec 2011 16:16:45 +0100
> From: serge.dewailly@openevents.fr
> To: debian-security@lists.debian.org

> Subject: Re: need help with openssh attack
>
> Hi,
>
> To prevent brute-force attack, you can also use the package named
> "fail2ban" which does not need lots of configuration or tweeking in many
> situation.
>
> --
> Serge Dewailly - Administrateur Système
>
>
> Le 29/12/11 15:04, Taz a écrit :
> > Hello, we've got various debian servers, about 15, with different
> > versions. All of them have been attacked today and granted root
> > access.
> > Can anybody help? We can give ssh access to attacked machine, it seems
> > to be serious ssh vulnerability.
> >
> > How can i contact openssh mnt?
> >
> > Thank you.
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 4EFC845D.7000608@openevents.fr" target="_blank">http://lists.debian.org/[🔎] 4EFC845D.7000608@openevents.fr
>



--
Met vriendelijke groet,
Kees de Jong


De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde(n).
Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren.
--
The information contained in this message may be confidential and is intended to be exclusively for the addressee(s).
Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.

Reply to: