[nycbug-talk] SSH attacks

Andy Kosela akosela at andykosela.com
Wed Sep 10 13:38:47 EDT 2008


On Wed, Sep 10, 2008 at 7:11 PM, Yarema <yds at coolrat.org> wrote:
> Hey, is anyone else seeing an upsurge in distributed SSH attacks over
> the past week or two?
> <snip>

The best defense against such attacks is just to allow SSH connections
only for specific hosts/subnets. If you really need to allow the whole
world to access your SSH port just use a nonstandard one and put it
behind some good firewall. We are using Juniper Netscreen for that.
Logs are clean.

If you can't put it behind firewall even editing /etc/hosts.allow can help.

Andy Kosela



More information about the talk mailing list