[clug] Stopping them at the door
paul.wayper at anu.edu.au
Mon Feb 14 01:52:28 GMT 2005
Antti.Roppola at brs.gov.au wrote:
>How many sites/networks do you actually connect from?
Well, not too many. I suppose I want to keep my options open.
>When I had ssh listening on my home firewall (I used it so infrequently
>I switched it off altogether), iptables was set up to only allow
>connections from specific networks. Anywhere else never saw the login.
One thing that I've done on my home system is to use the firewall to
redirect all incoming connections on an arbitrary high port number to my
main home linux machine on port 22. Sure, an nmap will find the port,
but none of the script-kiddies will bother doing an nmap first. Then I
get the firewall to redirect port 22 incoming from certain trusted
machines to port 22 on my home machine. This means that I still have to
supply a password or authorised key, but that I don't have to use the
port number every time I want to log in remotely. I think that's rather
>Less feasible for a large site, but how many of your users are
>actually using ssh anyway?
Well, really only me from external sites. So I guess it's not too much
of a problem.
I suppose there's a part of me that thinks that the discipline of
complaining to the ISPs is worth it in terms of actually stamping on
these script-kiddies, while still not actually making my system that
much more vulnerable. I've yet to see anyone try my actual login name,
-- Paul Wayper at ANU - +61 2 6125 0643
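The two firewall arrangements discussed in this thread, restricting port 22 to trusted source networks and redirecting an arbitrary high port to the internal machine's port 22, as an added iptables example that is not part of the original post. The WAN interface, the internal host 192.168.1.10, the high port 41022 and the trusted networks 203.0.113.0/24 and 198.51.100.7 are constructed values; the script prints the rules by default (DRY_RUN=1) so they can be reviewed before being applied with DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed (constructed) values:
WAN_IF="${WAN_IF:-eth0}"                  # interface facing the internet
SSH_HOST="${SSH_HOST:-192.168.1.10}"      # internal machine running sshd
HIGH_PORT="${HIGH_PORT:-41022}"           # arbitrary high port open to anyone
TRUSTED="${TRUSTED:-203.0.113.0/24 198.51.100.7}"  # networks allowed to use port 22

# Wrapper: with DRY_RUN=1 (the default) the iptables command is printed,
# otherwise it is executed. Lets the rule set be reviewed offline.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # Default deny on the firewall itself and for forwarded traffic;
    # replies to established connections are always allowed.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 1. Anyone may connect to the high port; it is rewritten to port 22
    #    on the internal host (an nmap scan still finds it, as the post notes).
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$HIGH_PORT" \
        -j DNAT --to-destination "$SSH_HOST:22"

    # 2. Only the trusted networks may use port 22 directly; their connections
    #    are rewritten to the same internal sshd. Any other source hitting
    #    port 22 is not translated, lands in INPUT and is dropped by policy,
    #    so it never sees an ssh banner at all.
    for net in $TRUSTED; do
        ipt -t nat -A PREROUTING -i "$WAN_IF" -s "$net" -p tcp --dport 22 \
            -j DNAT --to-destination "$SSH_HOST:22"
    done

    # Only translated packets can carry the private internal address as
    # their destination, so one FORWARD rule covers both paths above.
    ipt -A FORWARD -i "$WAN_IF" -p tcp -d "$SSH_HOST" --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
}

build_rules
```

Authentication is unchanged by any of this: whoever reaches the internal sshd still needs a password or an authorised key, and sshd's own log remains the place to watch for attempts that get through the high port. The rules assume the firewall already forwards and masquerades for the internal network; nothing here replaces that setup.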