[clug] Stopping them at the door

Paul Wayper paul.wayper at anu.edu.au
Mon Feb 14 01:52:28 GMT 2005

Antti.Roppola at brs.gov.au wrote:

>How many sites/networks do you actually connect from?
Well, not too many.  I suppose I want to keep my options open.

>When I had ssh listening on my home firewall (I used it so infrequently
>I switched it off altogether), iptables was set up to only allow
>connections from specific networks. Anywhere else never saw the login.
One thing that I've done on my home system is to use the firewall to 
redirect all incoming connections on an arbitrary high port number to my 
main home linux machine on port 22.  Sure, an nmap will find the port, 
but none of the script-kiddies will bother doing an nmap first.  Then I 
get the firewall to redirect port 22 incoming from certain trusted 
machines to port 22 on my home machine.  This means that I still have to 
supply a password or authorised key, but that I don't have to use the 
port number every time I want to log in remotely.  I think that's rather 

>Less feasible for a large site, but how many of your users are
>actually using ssh anyway?
Well, really only me from external sites.  So I guess it's not too much 
of a problem.

I suppose there's a part of me that thinks that the discipline of 
complaining to the ISPs is worth it in terms of actually stamping on 
these script-kiddies, while still not actually making my system that 
much more vulnerable.  I've yet to see anyone try my actual login name, 
for example.

Have fun,


-- Paul Wayper at ANU - +61 2 6125 0643
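The forwarding arrangement Paul describes above (an arbitrary high port open to anyone and redirected to the inside machine's port 22, plus port 22 itself redirected only for trusted source addresses) can be written as a small iptables rule set. The script below is an added example, not from the original post or from Paul's own firewall; the interface name, the inside host address, the high port number and the trusted networks are all constructed placeholder values, and it assumes the FORWARD chain has a DROP policy so that only the listed traffic gets through. By default it prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: port-forwarding rules for an ssh "side door" on a home firewall.
# All values below are constructed assumptions, not from the original post.
WAN_IF=${WAN_IF:-eth0}                 # hypothetical external interface
INNER_HOST=${INNER_HOST:-192.168.1.10} # hypothetical inside Linux box running sshd
HIGH_PORT=${HIGH_PORT:-22022}          # arbitrary high port, open to any source
# Hypothetical trusted source addresses (RFC 5737 documentation ranges).
TRUSTED_NETS=${TRUSTED_NETS:-"203.0.113.0/24 198.51.100.7"}
# Dry run by default: print the rules. Set IPT=iptables to really apply them.
IPT=${IPT:-echo iptables}

forward_rules() {
  # 1. Anyone may reach the high port; it lands on the inside host's port 22.
  $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$HIGH_PORT" \
       -j DNAT --to-destination "$INNER_HOST:22"

  # 2. Port 22 on the firewall is redirected only for trusted sources, so
  #    those machines can just "ssh firewall" without a port number.
  for net in $TRUSTED_NETS; do
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -s "$net" -p tcp --dport 22 \
         -j DNAT --to-destination "$INNER_HOST:22"
  done

  # 3. After DNAT both paths arrive as inside-host:22, so one FORWARD rule
  #    admits the new connections and one admits the replies.
  $IPT -A FORWARD -i "$WAN_IF" -p tcp -d "$INNER_HOST" --dport 22 \
       -m conntrack --ctstate NEW -j ACCEPT
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # 4. Port 22 from anyone not matched by step 2 was not redirected, so it
  #    would hit the firewall itself; drop it there. (IPv4 only; an ip6tables
  #    equivalent would be needed if the firewall has a public IPv6 address.)
  $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j DROP
}

forward_rules
```

Run as-is to review the six rules; run with `IPT=iptables` (as root) to load them. Note that, as the post says, the high port is still visible to a port scan and the ssh authentication on the inside host is what actually protects the login; the forwarding only removes the port from the default place automated scanners look.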
