[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH attack

On Tue, 11 Oct 2005, Marty wrote:

> Thanks, you just reminded me of two more items for my ssh hardening plan:
> -deny root login
> -turn off sshd access after a specified number of failed login attempts,
> or any attempts outside the specific IP address range.

those should be done BEFORE you go live .. ??

	- no machine i would be baby sitting would be turned on
	if those 2 minimum requirements is not met

	- in the old days, i'd be running the latest/greatest
	ssh ... vs those that come with any distro
	( it seems lot more stable now... not as many exploits )

as far as i'm concerned ... free audits is a good thing on non-critical
machines ... let um play with those .. i get um by the thousands ...
and i'm not gonna want any email just because one bozo decides
to run a generic port scan or dictionary attacks

- that'd generate hundreds of thousands of false alarms

- "too many" attempts will also raise a flag
	( more than the number of your fingers )

- critical machines are watched very carefully :-)

c ya

Reply to: