I recommend Single Packet Authentication or Port Knocking for use in
conjunction with your SSH service.


On Mon, Mar 17, 2008 at 8:37 AM, Mike Bydalek <
mbydalek@compunetconsulting.com> wrote:

> Jon M. Hanson wrote:
> > Josef Lowder wrote:
> >> .
> >> Are Linux boxes vulnerable to be used by botnets?
> >>
> >> This article in USA Today is frightening.
> >>
> >>
> http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm
> >>
> >>
> > Probably at least once a day my Linux box that I have co-located is
> > probed for a weak password /account through SSH. I'm not sure what
> > they would do to the system if they got in and I'm not going to find
> > out. When I see an SSH probe happen I track down who owns the IP and
> > report it. I also nmap the IP to see what services are running on the
> > system.
> That seems like too much work =P  Most of the probes, ssh attacks, etc.
> that I see are from foreign countries and I really don't see much
> benefit in reporting them.  What I do on all my servers is use 2 little
> tools to help stop these automated attacks: DenyHosts
> (http://denyhosts.sourceforge.net/) and PortSentry
> (http://sourceforge.net/projects/sentrytools/)  With these 2, a high
> number (I would say 99% but then I have no proof to back it up) of
> attacks are immediately stopped in their tracks.  If someone is doing a
> port scan on your entire server, do you *really* think they're doing it
> for a good reason?
>
> -Mike
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
"A man is defined by the questions that he asks; and the way he goes about
finding the answers to those questions is the way he goes through life."