Re: Somebody is keep trying to ssh into my systems, how can I stop that?

From: left_coast <void@xxxxxxxx>
Date: Mon, 24 Jul 2006 16:14:31 -0700

GS wrote:

I have my LAN setup with Broadband router, somebody is trying to ssh
into my systems, how can I stop that, Is it possible to drop the packet
at Network (at MAC level) level?. thanks.

Some have suggested changing ports, this is simply trying to hide from the
attackers. Someone scanning using ssh connects on a series of ports could
still easily find your port and your back in the same situation. Leaving
your port open and relying only on passwords and RSA stuff still leaves
your ssh port vulnerable to buffer overflow attacks from anywhere and
anyone on the internet.

The best strategy is, if you have no reason to ssh into your box, shut down
ssh completely (as well as any other servers, imap, pop, web, etc, that you
do not need to have running). If you do need to ssh in and do it from a few
known addresses, configure your firewall to allow connections from only
those addresses (yes the addresses can be faked but only in limited
circumstances). If you have to login from more random locations, consider
portknocking, which will open a port for an address if the right
combination comes from that address (now just watch the BS that will come
from people that don't understand portknocking).

--
Still waiting for a rational answer from Bittwister to this:
<nfqlo3-qds.ln1@xxxxxxxxxxxxxxxxxxxx>.
.

Follow-Ups:
- Re: Somebody is keep trying to ssh into my systems, how can I stop that?
  - From: left_coast
- Re: Somebody is keep trying to ssh into my systems, how can I stop that?
  - From: Jeremiah DeWitt Weiner

References:
- Somebody is keep trying to ssh into my systems, how can I stop that?
  - From: GS

Prev by Date: Re: How to set up an account lockout counter?
Next by Date: Re: How to watch the printing?
Previous by thread: Re: Somebody is keep trying to ssh into my systems, how can I stop that?
Next by thread: Re: Somebody is keep trying to ssh into my systems, how can I stop that?
Index(es):
- Date
- Thread

Relevant Pages

Re: ssh gives "Permission denied, please try again"
... port 22 on your internal machine, so you will need to keep ssh up to ... I configure the router to forward a different external port to 22 on my ... For good measure pick usernames that are none obvious, ... root/password: 163 times ...
(uk.comp.os.linux)
[NEWS] SSH service at Dell DRAC4 Denial of Service (Mocana)
... SSH service at Dell DRAC4 Denial of Service ... Dell Remote Access Card 4 allows customers to effectively manage ... After the use of such a port scanner, ...
(Securiteam)
Re: Remote Desktop directly to another computer on the network
... default port... ... And there is no reason for me to believe that ssh ... When I have a multibillion company I will use the key pair, ... WinSCP for that to access my home SSH server. ...
(microsoft.public.windowsxp.work_remotely)
Re: SSH safety
... SSH safety (J.L. ... FC3 missing KDE menu items ... I was wondering how safe it is to open the ssh port up to the internet. ...
(Fedora)
Re: FTPS Server?
... port numbers by deep packet inspection. ... client, but the underlying SSH protocol over the network is way, way ... See the chroot configuration in the man-page for sshd_config ... recommend running a separate instance on a separate port (if firewalls ...
(freebsd-stable)