On Tue, 2005-09-06 at 20:16, Maciej Żenczykowski wrote:
Instead of keeping the ssh port open, use something like the following:
-A INPUT -p tcp --dport SECRETPORT# -m recent --set
-A INPUT -p tcp --dport ssh -m state --state NEW -m recent --update --seconds 43200 -j ACCEPT
and then, before ssh'ing in from outside, telnet to the SECRETPORT# on the machine in order to open the ssh port for the next 12 hours. Gets rid of script kiddies.
Or just move the ssh port to another port number. I also got tired of all the log file activity. Moved ssh to another port and have not seen any of that traffic since then.
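
The two quoted rules, modelled in Python as an added example (not part of the original messages) to show how the `recent` list behaves per source address over time. The port value 40022, the addresses, the `RecentKnock` class and the `CONTINUE` verdict are constructed for illustration; the model assumes the documented behaviour that `--update` refreshes the last-seen timestamp only when the rule matches.

```python
# Added example: a small model of the iptables "recent" match used by the two
# rules in the message. Port numbers and addresses below are constructed.
SECRET_PORT = 40022   # stands in for SECRETPORT# (constructed value)
SSH_PORT = 22
WINDOW = 43200        # --seconds 43200 (12 hours)


class RecentKnock:
    """Tracks the default 'recent' list: source address -> last-seen time."""

    def __init__(self):
        self.last_seen = {}

    def packet(self, now, src, dport, new_conn=True):
        """Return 'ACCEPT' if rule 2 matches, else 'CONTINUE' (later rules/policy)."""
        # Rule 1: --dport SECRETPORT# -m recent --set
        # Records the source; there is no -j target, so traversal continues.
        if dport == SECRET_PORT:
            self.last_seen[src] = now
        # Rule 2: --dport ssh -m state --state NEW
        #         -m recent --update --seconds 43200 -j ACCEPT
        if dport == SSH_PORT and new_conn:
            seen = self.last_seen.get(src)
            if seen is not None and now - seen <= WINDOW:
                self.last_seen[src] = now   # --update refreshes the timestamp
                return "ACCEPT"
        return "CONTINUE"


def replay(events):
    """Run (time, src, dport) tuples through the model; return the verdicts."""
    fw = RecentKnock()
    return [fw.packet(t, src, dport) for t, src, dport in events]


# Constructed traffic (times in seconds, documentation-range addresses).
SAMPLE = [
    (0,      "198.51.100.7", SSH_PORT),     # no knock yet
    (10,     "198.51.100.7", SECRET_PORT),  # knock
    (20,     "198.51.100.7", SSH_PORT),     # inside the window
    (30,     "203.0.113.9",  SSH_PORT),     # different source, never knocked
    (43000,  "198.51.100.7", SSH_PORT),     # still inside; refreshes timestamp
    (86000,  "198.51.100.7", SSH_PORT),     # 43000 s after last refresh
    (130000, "198.51.100.7", SSH_PORT),     # 44000 s later: window expired
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

Because `--update` resets the timestamp on every matching new connection, the 12-hour window slides: it runs from the most recent accepted SSH connection, not from the original knock.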