[SGVLUG] ports - what about tcp wrappers or firewall settings

Robert Leyva mrflash818 at geophile.net
Fri Jan 16 12:33:39 PST 2009


Greets,

I am about to prove how humble my knowledge is:
What about using something simple like tcp wrappers or firewall
configuration, so that only allowed incoming traffic to your ssh port
(say, a few domains from work and such) ?

Not as fancy or elegent as port knocking, but maybe easier to implement? a
quick google search revealed most ssh implementations support it....

>
> There are quite a number of "bots" that run 24/7 trying to brute-force
> crack SSH server accounts, and alot of the time, they too run on these
> hijacked machines, either through some IRC botnet, or some other
> automated (XSS-injected) script.
>
> When configuring an SSH Server, the 1st thing should always be disabling
> 'root' login access, and run sshd on a non-standard port. Most of the
> "bots" that run autonomously (usually) only attack port 22, therefor are
> easily defeated.
>


-- 
"Knowledge is Power" -- Francis Bacon

Robert Leyva
mrflash818 at geophile.net
http://mrflash818.livejournal.com
AOL IM: mrflash818



More information about the SGVLUG mailing list