[olug] Eliminate risk for brute force root login attempts

Russ Dunham russ at solution-tech.com
Thu Aug 3 15:23:34 UTC 2006


I also changed the port #, and the traffic went away also.  I changed it
about 3 years ago, and knock on wood, it hasn't come back. :) 

-----Original Message-----
From: Matthew D. McCain Platte [mailto:plattem at inetnebr.com] 
Sent: Wednesday, August 02, 2006 9:57 AM
To: Omaha Linux User Group
Subject: Re: [olug] Eliminate risk for brute force root login attempts

On Tue, 2006-08-01 at 17:51 -0500, Phil Brutsche wrote:
> Daniel Pfile wrote:
> > Try denyhosts:
> > 
> > http://denyhosts.sourceforge.net/
> > 
> > Also, remember to disable remote root logins in ssh.
> > 
> > If you have a small number of users, set up AllowUsers for the users 
> > you have.
> > 
> > Even better, if it's an option, turn on mandatory key authentication.
> 
> I find it's simpler just to change my SSH port number.
> 

+1 for port number change.

I had a script that would scan the log every three minutes looking for
evidence of the brute force kids, copying that IP to deny.hosts.  That still
let 'em in for up to three minutes, though.  I could see the lights on the
switch flickering as they tried to get into my otherwise quiet network.

That traffic went away when I changed the port number.

--
-------^.^--








More information about the OLUG mailing list