
Re: web alternative to knockd for a "secure" sshd server?



On Fri, Apr 20, 2007 at 12:47:20PM +0300, Nick Demou wrote:
> The only service that listens to the internet on my pcs is sshd (on
> port 80 or 443 [1]). Since neither I nor sshd is perfect I would like
> to get rid of as many attackers as possible. My idea was to use port
> knocking. So I tested knockd and it seems nice [2] except one minor
> thing [3] and a major problem: if I am visiting some firewalled network
> that only allows connections to port 80,443 (and if you are lucky 110)
> there are hardly any ports to knock :(
> 
> Any other idea of simple measures that will keep as many attackers
> away from the one and only service that is listening to the Internet?
> 
Well, if which outbound ports are available is a real concern, then
consider the following:

 - rate-limit new ssh connections (I use this)
 - force key-only authentication

The first will keep your logs from getting cluttered (and will also slow
attackers down greatly so that they take longer to get to other people's
machines).  The second makes it impossible for a dictionary attack to
ever succeed.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
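As an added example (not code from the thread or from Roberto), the two measures above in POSIX shell: an iptables "recent"-module rate limit on NEW connections to the ssh port, and a check that sshd_config is key-only. It assumes sshd listens on tcp/443 as in the thread and that iptables has the conntrack and recent matches; with DRY_RUN=1 (the default here) the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: rate-limit new ssh connections and verify key-only auth.
# Assumptions: sshd on tcp/443 (as in the thread); iptables with the
# conntrack and recent matches. DRY_RUN=1 prints commands instead of
# executing them; run with DRY_RUN=0 as root to apply.

SSH_PORT="${SSH_PORT:-443}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Record every NEW connection per source address, then DROP a source once it
# has made HITCOUNT or more new connections within WINDOW seconds. --update
# refreshes the timestamp on each hit, so a client that keeps hammering stays
# blocked until it goes quiet for WINDOW seconds. Legitimate users opening
# many sessions per minute will be throttled too, so pick the numbers to fit.
ssh_ratelimit_rules() {
    window="${1:-60}"; hitcount="${2:-4}"
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name SSH --set
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name SSH --update --seconds "$window" --hitcount "$hitcount" -j DROP
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

# Print the effective value of directive $2 in sshd_config $1. sshd uses the
# first uncommented occurrence of a keyword, so we stop at the first match.
sshd_setting() {
    awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Return 0 when the config disables password and keyboard-interactive auth
# and does not turn public-key auth off (it defaults to yes when absent).
sshd_is_keyonly() {
    f="$1"
    [ "$(sshd_setting "$f" PasswordAuthentication)" = "no" ] || return 1
    [ "$(sshd_setting "$f" ChallengeResponseAuthentication)" = "no" ] || return 1
    [ "$(sshd_setting "$f" PubkeyAuthentication)" != "no" ]
}
```

Apply as `DRY_RUN=0 sh -c '. ./ssh-harden.sh; ssh_ratelimit_rules 60 4'` and check a config with `sshd_is_keyonly /etc/ssh/sshd_config` (file name assumed); the `recent` list can be inspected in /proc/net/xt_recent/SSH.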
