Re: ssh library attack
From: jsuthan (jsuthan_at_gmail-spam.com)
Date: Sun, 07 Aug 2005 11:43:10 +0800
CL (dnoyeB) Gilbert wrote:
> Every day someone has attempted to log into my ssh server 1000s of times
> with a bunch of different names. There is nothing significant on my
> Linux box to be concerned with. I am just sick of seeing all this in my
> logs and why should I let it continue?
> There is no root login over ssh on my box, and you can't login without a
> key either, no password access.
> Is there a way to combat this without hampering my daily access? I do
> tend to access from a given IP address, but I don't want to guarantee
> this. Perhaps I could just change to some obscure port number? Any
> specific number? Can the sshd listen on multiple ports till I finalize
> on a different port if this is the way to go?

To avoid future exploits, don't place SSH communication on the standard
port 22. The only problem is that for HTTP and SMTP these ports can't be
changed! Those ports need alternative enforcement. Back to SSH: try
changing the port to a different port to give hackers more work to do. Then
comes the NMAP thing, which discovers which port is open. It's still more work.
Choosing different ports will be secure and avoid random exploits.
Everyone knows port 22 is SSH!
-- jsuthan Zues linux team http://www.mypulau.com
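
On the question of running two ports during a changeover: sshd_config accepts the Port directive more than once. The Python script below is an added example, not part of the original post. It audits a constructed sshd_config for the settings mentioned in this thread (no root login, no password login, a non-default port); the function names and port 2222 are illustrative assumptions, and Match blocks are reported but not evaluated.

```python
# Added example (not from the thread): audit the global part of an sshd_config.
# SAMPLE_CONFIG is constructed; port 2222 is an arbitrary illustrative choice.
SAMPLE_CONFIG = """\
# transition period: old and new port open at the same time
Port 22
Port 2222
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def parse_global(text):
    """Return (ports, settings) for the directives that precede any Match block."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].lower()              # keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            settings["match"] = value        # remember it, but do not evaluate it
            break
        if key == "port":
            ports.append(int(value))         # Port may be given several times
        else:
            settings.setdefault(key, value)  # sshd uses the first value it reads
    return (ports or [22]), settings         # no Port line means the default, 22

def audit(text):
    """Return (ports, findings) measured against the setup described in the thread."""
    ports, settings = parse_global(text)
    findings = []
    for key in ("permitrootlogin", "passwordauthentication"):
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: not set, built-in default applies")
        elif value.lower() != "no":
            findings.append(f"{key}: is {value!r}, expected 'no'")
    if ports == [22]:
        findings.append("port: only the default port 22 is configured")
    elif 22 in ports:
        findings.append("port: 22 is still open next to " + ", ".join(str(p) for p in ports if p != 22))
    if "match" in settings:
        findings.append("match: block present, its overrides are not evaluated")
    return ports, findings
```

The repeated `PasswordAuthentication yes` in the sample produces no finding because sshd keeps the first value it reads for a keyword, while the Match block is flagged since it can re-enable password logins for matching clients.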