SSH IP blocking?
sdavmor
sdavmor at systemstheory.net
Wed Apr 9 19:54:23 UTC 2008
Kent Borg wrote:
> sdavmor wrote:
>> We just selected a different high number port to move all SSH
>> requests to, and closed off port 22. Now our company stores don't
>> even acknowledge the connection attempt and present a "login"
>> unless the request comes in on the high number port we chose.
>>
>
> I once had an account on a machine with the sshd moved to a
> non-standard port, and the machine was not maintained, and there
> was a security hole in sshd (this was many years ago), and it was
> broken into. Obscurity can help,
yes
> but don't rely on it.
and yes
> -kb, the Kent who doesn't recycle passwords anymore.
All true, but as a company-wide policy it had immediate impact. We
simply stopped getting all but occasional scans to see if anything was
open. While not anywhere close to all-inclusive protection, moving
allowable ssh connections from 22 to somewhere else might be a good --
and very simple -- place to start. Then back it up with something(s)
behind the door as we did.
--
Cheers,
SDM -- a 21st century schizoid man
Systems Theory internet music project links:
official site <www.systemstheory.net>
MySpace MP3s <www.myspace.com/systemstheory>
CDBaby <www.cdbaby.com/systemstheory>
"Soundtracks For Imaginary Movies" CD released Dec 2004
"Codetalkers" CD now available for free download at:
<www.mikedickson.org.uk/codetalkers>
NP: nothing