[CentOS] I appear to be attacking others
Benjamin Smith
lists at benjamindsmith.com
Tue Feb 7 08:52:56 UTC 2006
On Monday 06 February 2006 17:46, James Gagnon wrote:
> Thanks Will. One thing I have always done with SSH is run it on a
> non-default port. It's funny I left it on 22 once and watched the log
> reports every morning in my email for a few days and the amount of people
> trying to log in as the root user was amazing... the report was 40-50 lines
> longer than normal just from all the attempts... I then chose a port over
> 10000 as they say most port scanners usually scan port 1-10000. Once I did
> that I have not seen one attempt to try and access root through SSH or any
> user for that matter. Good tip though... =)
Not only do I use a *high* port, but I also restrict acceptable connections to
just a few IP addresses, with one machine having *ONLY* an ssh port globally
open, accepting only keys, no passwords, on a high port as a "gateway" for
when I need to get in from someplace other than the small list of approved
addresses.
I've had ZERO problems with this. But, when SSH was on 22, and open to the
world, I saw something like 30,000 attempts on the root account in a single
24-hour period. Holy fscking sh--! (Not that it did any good, you couldn't
log in as root without an RSA key.)
-Ben
--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
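
Added example, not part of the original post: a small Python audit of an sshd_config against the setup Ben describes (non-default port, keys only, a source allowlist, with the gateway host exempt from the allowlist). Expressing the IP restriction as AllowUsers user@host patterns is an assumption, since the post does not say how it was done; the sample configs, user name and addresses are constructed.

```python
import re

# Assumed defaults (current OpenSSH) when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def parse_global(text):
    """Parse the global section of an sshd_config (stops at the first Match)."""
    first, ports, allow = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            break
        if key == "port":
            ports.append(int(value))          # Port may be given several times
        elif key == "allowusers":
            allow.extend(value.split())       # AllowUsers lines accumulate
        else:
            first.setdefault(key, value)      # sshd uses the first value it sees
    return first, ports or [22], allow

def audit(text, require_allowlist=True):
    """Return findings; the gateway host is audited with require_allowlist=False."""
    first, ports, allow = parse_global(text)
    get = lambda k: first.get(k, DEFAULTS[k])
    findings = []
    if 22 in ports:
        findings.append("listens on default port 22")
    if get("passwordauthentication") != "no":
        findings.append("password authentication enabled")
    if get("permitrootlogin") == "yes":
        findings.append("PermitRootLogin yes does not limit root to keys")
    if require_allowlist and not all("@" in p for p in allow or [""]):
        findings.append("AllowUsers missing or has entries without a source host")
    return findings

# Constructed sample configs (user name and addresses are placeholders).
WEAK = "#Port 22022\nPasswordAuthentication yes\nPasswordAuthentication no\nPermitRootLogin yes\n"
RESTRICTED = ("Port 22022\nPasswordAuthentication no\nPermitRootLogin prohibit-password\n"
              "AllowUsers admin@192.0.2.10 admin@198.51.100.*\n")
GATEWAY = "Port 22022\nPasswordAuthentication no\nPermitRootLogin no\n"

if __name__ == "__main__":
    for name, cfg, strict in (("weak", WEAK, True), ("restricted", RESTRICTED, True),
                              ("gateway", GATEWAY, False)):
        print(name, audit(cfg, require_allowlist=strict) or "ok")
```

On a live host, feed it the effective configuration printed by `sshd -T` rather than the raw file, so included files and defaults are already resolved.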