[ubuntu-uk] SSH question
Tony Travis
ajt at rri.sari.ac.uk
Sat Jan 12 20:08:24 GMT 2008
Sean Miller wrote:
> I run all my sshd servers (on the www) on 23432.
>
> Easy to remember but not the first place the hackers look.
Hello, Sean.
They will now ;-)
> So I think it's definitely worth doing... but if you're on a home
> network and have a router and need port 22 for your local access why not
> use the router to transform?
He could run "firestarter" and configure the kernel's IPTABLES to do the
job. No need to do it on an external router. Only allow port 22 in from
the network the 'Tomboy' is on (or only the IP of the Tomboy itself).
Dave Walker suggested using "fail2ban" on port 22 when exposed to the
internet, and that's good advice. However, "fail2ban" is intended to
protect against 'brute-force' attacks by botnets. It will allow five
login attempts (a configurable threshold) before setting the kernel
IPTABLES to drop packets from the attacker. By default, the IP will be
reinstated after 10 mins (configurable). I think he needs to block port
22 permanently, except to permit access from the "Tomboy".
Trying to protect ports by obfuscation is doomed to failure. Some
botnets scan all available ports looking for signatures of anything!
Tony.
--
Dr. A.J.Travis, | mailto:ajt at rri.sari.ac.uk
Rowett Research Institute, | http://www.rri.sari.ac.uk/~ajt
Greenburn Road, Bucksburn, | phone:+44 (0)1224 712751
Aberdeen AB21 9SB, Scotland, UK. | fax:+44 (0)1224 716687
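The setup Tony describes (permit port 22 only from the network the "Tomboy" is on, drop everything else, rather than relying on fail2ban's temporary bans) as an added shell example; this is not code from the thread, and the trusted source, the chain name SSH_IN and the fail2ban jail name are placeholders chosen for the example. The script only prints the iptables commands unless APPLY=1, so the rule set can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not code from the original thread: generate iptables rules
# that permit NEW SSH connections only from one trusted source and drop every
# other attempt on the SSH port permanently, i.e. "block port 22 except from
# the Tomboy".
# Assumptions (placeholders, not from the thread): the trusted source is a host
# or CIDR passed on the command line; the chain name SSH_IN is arbitrary.
# Rules are only printed unless APPLY=1, so the output can be reviewed first.

ssh_rules() {
    # $1: trusted source host or CIDR; $2: SSH port (defaults to 22)
    net="$1"
    port="${2:-22}"
    cat <<EOF
iptables -N SSH_IN
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j SSH_IN
iptables -A SSH_IN -s ${net} -j ACCEPT
iptables -A SSH_IN -j DROP
EOF
}

fail2ban_jail() {
    # fail2ban's behaviour as described in the mail: five attempts, then a
    # 10 minute (600 s) ban. Shown only to contrast with the permanent rules
    # above; the jail name [sshd] is the assumed current default.
    cat <<EOF
[sshd]
enabled  = true
port     = ${1:-22}
maxretry = 5
bantime  = 600
EOF
}

apply_ssh_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        ssh_rules "$@" | sh -e      # needs root; executes the printed commands
    else
        ssh_rules "$@"
    fi
}

# Helper for checking the generated rule set (number of iptables commands)
count_rules() { ssh_rules "$@" | wc -l | tr -d ' '; }

# Usage: ./ssh_rules.sh 192.168.1.0/24     (print only)
#        APPLY=1 ./ssh_rules.sh 192.168.1.50   (apply for a single host)
if [ -n "${1:-}" ]; then
    apply_ssh_rules "$@"
fi
```

Note the ordering: the ESTABLISHED,RELATED rule comes first so that packets belonging to an already accepted session are never sent to SSH_IN, and the final DROP in SSH_IN (rather than REJECT) gives a scanner no response at all. Restricting by source address this way is independent of which port sshd listens on, which is the point of the mail: moving to 23432 does nothing against a scanner that probes every port.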