[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] ssh brute-force
- Subject: [ale] ssh brute-force
- From: droiddude228 at gmail.com (Michael Strickland)
- Date: Sun, 16 Feb 2014 14:37:04 -0500
- In-reply-to: <[email protected]om>
- References: <[email protected]om>
-----BEGIN PGP SIGNED MESSAGE-----
I leave my systems on 22 and just run fail2ban. Six failed logins and
they earn an iptables drop rule for 10 or so hours. If they are
actually scanning then the port doesn't matter, it will still show up
as SSH if they probe it.
On 2/16/2014 2:20 PM, Edward Holcroft wrote:
> I have a server that I had to open to the world for ssh. It's
> getting a lot of brute-force hits, although I've managed to bring
> it down to an "acceptable" level by using a suitable level of
> paranoia in denyhosts. Obviously I'd rather not have these hits at
> I often hear the suggestion made that I should be using a
> non-standard port for ssh to reduce such attacks. I wonder though
> what the real value of this would be, since would a portscan not
> reveal the open port to would-be hackers anyway?
> I've heard it said that unwanted ssh hits have been reduced to zero
> by changing the port from 22 to something else. Of course I can
> test the hypothesis by simply changing the port, but I'd like to
> hear some opinions on this question before doing so.
> _______________________________________________ Ale mailing list
> Ale at ale.org http://mail.ale.org/mailman/listinfo/ale See JOBS,
> ANNOUNCE and SCHOOLS lists at http://mail.ale.org/mailman/listinfo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
This email is free from viruses and malware because avast! Antivirus protection is active.