[CentOS] firewall questions

Sun Jun 21 20:58:21 UTC 2020
Pete Biggs <pete at biggs.org.uk>

On Sun, 2020-06-21 at 16:47 -0400, mailist wrote:
> On 2020-06-21 15:33, Chuck Campbell wrote:
> > I'm running CentOS 7.8.2003, with firewalld.
> > 
> > I was getting huge numbers of ssh attempts per day from a few specific
> > IP blocks.
> 
> If you can control the ssh clients, switch your port number to a
> non-standard port.  Pick one in /etc/services that does not seem to be
> allocated.  Then change "Port" in ssh_config and sshd_config; if other
> clients are being used (like PuTTY), it is easy to change it there.
> 
> We used to get at least 50 probes per day on port 22.  Now we get zero.
> 
I used this technique for a number of years - then the port that was
used got leaked to the script kiddies. We don't have anything
particularly valuable that they were looking for (I don't think!), but
there are lists of subnets & ports out there that the kiddies use, so
once one found it, the floodgates opened.  SSH is now protected behind
a VPN.

It's a valid thing to do and makes things much saner, but don't assume
it is a forever solution and don't use it as an excuse to reduce other
protections you may have.

P.
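
An added example, not part of the thread: whichever port sshd listens on, this tallies failed logins per source /24 from lines in the format CentOS writes to /var/log/secure and prints firewalld rich rules for review. The function names, threshold, allow-list and sample lines are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (RFC 5737 documentation addresses). The third line
# carries a username crafted to plant a fake "from <ip>" inside the log entry.
SAMPLE_LOG = """\
Jun 21 03:12:45 host sshd[1234]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Jun 21 03:12:47 host sshd[1235]: Failed password for root from 203.0.113.77 port 40022 ssh2
Jun 21 03:12:50 host sshd[1236]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 203.0.113.200 port 40100 ssh2
Jun 21 03:13:01 host sshd[1240]: Failed password for invalid user test from 198.51.100.9 port 55555 ssh2
Jun 21 03:14:10 host sshd[1250]: Accepted publickey for chuck from 192.0.2.10 port 50000 ssh2
Jun 21 03:15:02 host sshd[1260]: Failed password for chuck from 192.0.2.10 port 50010 ssh2
""".splitlines()

# Greedy ".*" plus the "$" anchor bind to the LAST "from <ip> port <n> ssh2",
# which sshd writes itself, so a hostile username cannot choose the address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def noisy_blocks(lines, prefix=24, threshold=3, allow=()):
    """Count failed sshd logins per IPv4 block; return blocks at/over threshold."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:  # IPv6 or mangled address: skipped in this sketch
            continue
        if any(addr in net for net in allowed):
            continue  # never propose blocking our own clients
        block = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        counts[str(block)] += 1
    return {b: n for b, n in counts.items() if n >= threshold}

def firewalld_rules(blocks):
    """Render firewall-cmd rich rules as text; nothing is executed here."""
    return [
        "firewall-cmd --permanent --add-rich-rule="
        f"'rule family=\"ipv4\" source address=\"{b}\" drop'"
        for b in sorted(blocks)
    ]

if __name__ == "__main__":
    for rule in firewalld_rules(noisy_blocks(SAMPLE_LOG, allow=["192.0.2.0/24"])):
        print(rule)
```

Rules added with --permanent take effect after `firewall-cmd --reload`.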