[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] ssh brute-force



At one of my jobs they used ssh keys and move the port to 20000
something, at first I wonder why, but now it makes a lot of sense.
Specially the keys. If you are going to leave it on port 22, set
yourself up with ssh-keys and anyone less that use it.  You turn off
password in ssh were it will only use the keys.



On Sun, Feb 16, 2014 at 4:34 PM, Wolf Halton <wolf.halton at gmail.com> wrote:
> Unless you are being specifically, there are about 60,000 ports that aren't
> scanned by tools in default mode.  High numbers without registered services
> will get almost zero hits.
>
> On Feb 16, 2014 3:45 PM, "John Heim" <john at johnheim.com> wrote:
>>
>>
>>
>> My experience is that changing the port reduces the random  attempts to
>> near zero. But if someone specifically targets you, it doesn't help.
>>
>> Hackersprobably aren't doing port scans of your server. They are probably
>> scanning your network for machines with port 22 open.
>>
>> On 02/16/14 13:20, Edward Holcroft wrote:
>>>
>>> All,
>>>
>>> I have a server that I had to open to the world for ssh. It's getting a
>>> lot of brute-force hits, although I've managed to bring it down to an
>>> "acceptable" level by using a suitable level of paranoia in denyhosts.
>>> Obviously I'd rather not have these hits at all.
>>>
>>> I often hear the suggestion made that I should be using a non-standard
>>> port for ssh to reduce such attacks. I wonder though what the real value
>>> of this would be, since would a portscan not reveal the open port to
>>> would-be hackers anyway?
>>>
>>> I've heard it said that unwanted ssh hits have been reduced to zero by
>>> changing the port from 22 to something else. Of course I can test the
>>> hypothesis by simply changing the port, but I'd like to hear some
>>> opinions on this question before doing so.
>>>
>>> ed
>>>
>>> --
>>> Edward Holcroft | Madsen Kneppers & Associates Inc.
>>> 11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097
>>> O (770) 446-9606 | M (770) 630-0949
>>>
>>> MADSEN, KNEPPERS & ASSOCIATES USA, MKA Canada Inc.
>>> WARNING/CONFIDENTIALITY NOTICE: This message may be confidential and/or
>>> privileged. If you are not the intended recipient, please notify the
>>> sender immediately then delete it - you should not copy or use it for
>>> any purpose or disclose its content to any other person. Internet
>>> communications are not secure. You should scan this message and any
>>> attachments for viruses. Any unauthorized use or interception of this
>>> e-mail is illegal.
>>>
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
Terror PUP a.k.a
Chuck "PUP" Payne

(678) 636-9678
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- en.opensuse.org/User:Terrorpup
openSUSE Ambassador/openSUSE Member
Community Manager -- Southeast Linux Foundation (SELF)
skype,twiiter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

Have you tried SUSE Studio? Need to create a Live CD,  an app you want
to package and distribute , or create your own linux distro. Give SUSE
Studio a try. www.susestudio.com.
See you at Southeast Linux Fest, June 7-9, 2013 in Charlotte, NC.
www.southeastlinuxfest.org