On 30/12/06, Jeroen Massar <jeroen at unfix.org> wrote:
> Rather do a ratelimit, which will fix the problem very well, as per
> various scripts found in google or what I use:
Yes, this is also a good plan.
> > * Run ssh from a port other than 22
>> Which is annoying as most hosts do have SSH on port 22 and then you need
> to either put a "Port 5022" or similar in your ~/.ssh/config or remember
> it. Moving to another box, don't forget to copy it all over.
I don't recommend doing this either, to be honest - but it at least is
simple to implement and does eliminate a lot of the annoying scans.
> > * Implement port knocking
>> Which a random portscan can also break
Not if you do it right - I use a system whereby a knock on port N
opens up port 22, but a knock on port N+1 or N-1 closes it off again.
> and is annoying as you have to do
> it everytime to open up that port. If the adversary is on the link in
> between they will know the sequence and they are able to connect too.
This is certainly the case; but we're delving into realms of paranoia
which aren't really justified in the real world here...
Colm Buckley / colm at tuatha.org / +353 87 2469146
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!