[CentOS] firewall questions

Sun Jun 21 21:07:02 UTC 2020
Erick Perez - Quadrian Enterprises <eperez at quadrianweb.com>

Please take a look at https://www.wireguard.com/quickstart/
we now reduced the attack vector to only the things offered to the public
(https, smtp tls and imaps/s)

On Sun, Jun 21, 2020 at 3:58 PM Pete Biggs <pete at biggs.org.uk> wrote:

> On Sun, 2020-06-21 at 16:47 -0400, mailist wrote:
> > On 2020-06-21 15:33, Chuck Campbell wrote:
> > > I'm running Centos 7.8.2003, with firewalld.
> > >
> > > I was getting huge numbers of ssh attempts per day from a few specific
> > > ip blocks.
> >
> > If you can control the ssh clients, switch your port number to a
> > non-standard
> > port.  Pick one in /etc/services that does not seem to be allocated.
> > Then change
> > "Port" in ssh_config and sshd_config;  If other clients are being used
> > (like Putty),
> > it is easy to change it there.
> >
> > We used to get at least 50 probes per day on port 22.  Now we get zero.
> >
> I used this technique for a number of years - then it got leaked to the
> script kiddies the port that was used. We don't have anything
> particularly valuable that they were looking for (I don't think!), but
> there are lists of subnets & ports out there that the kiddies use so
> once one found it, the flood gates opened.  SSH is now protected behind
> a VPN.
>
> It's a valid thing to do and makes things much saner, but don't assume
> it is a forever solution and don't use it as an excuse to reduce other
> protections you may have.
>
> P.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 

---------------------
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
---------------------