Need help!
Jonathan
djgoku at gmail.com
Sun May 1 23:47:55 CDT 2005
> If all they are doing is the usual BS ssh sniffing, run sshd on a
> non-standard port.... I usually run mine on something like 2280, that
> way it's easy to remember but won't get scanned since the kiddies don't
> seem to do an actual nmap. From what I've seen, all they really do is
> IP a netblock range and run a script that looks for a session
> connection and once it finds one, does dictionary scans with common
> names like "test" and then regular names. Or another thing you can do
> is use shared key auth. Just an idea.
I was getting blasted with these bot scans/connects to sshd port, and
then all I did was change port to 222 in sshd_config and the logs don't
have any scans/connects to this port other than me. I think changing the
port would probably help, with blocking ips. I think changing the port
will make considerable differences in the attacks.
Thanks,
Jonathan
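
Added example, not part of the original post: a small Python script that counts failed sshd logins per source address and lists the addresses that tried several different usernames, which is the dictionary-scan pattern described in this thread. The log lines are constructed, and the "Failed password for ..." syslog format (with either "invalid user" or the older "illegal user" wording) is an assumption about your OpenSSH version.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (documentation
# IP ranges, made-up host name, PIDs and users); not taken from the post.
SAMPLE_LOG = """\
May  1 23:40:01 box sshd[4101]: Failed password for invalid user test from 192.0.2.10 port 40001 ssh2
May  1 23:40:03 box sshd[4103]: Failed password for invalid user guest from 192.0.2.10 port 40007 ssh2
May  1 23:40:05 box sshd[4105]: Failed password for invalid user admin from 192.0.2.10 port 40011 ssh2
May  1 23:40:07 box sshd[4107]: Failed password for root from 192.0.2.10 port 40015 ssh2
May  1 23:41:10 box sshd[4120]: Failed password for alice from 198.51.100.7 port 51512 ssh2
May  1 23:41:20 box sshd[4121]: Accepted password for alice from 198.51.100.7 port 51513 ssh2
May  1 23:42:00 box sshd[4130]: Failed password for illegal user test from 203.0.113.5 port 33000 ssh2
"""

# Assumed log format; "port" here is the client's source port, not sshd's.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize(log_text):
    """Return {ip: {"attempts": n, "users": set_of_names}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["attempts"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)


def dictionary_scanners(log_text, min_users=3):
    """Source IPs that tried at least min_users different usernames."""
    return sorted(
        ip for ip, s in summarize(log_text).items() if len(s["users"]) >= min_users
    )


if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip}: {s['attempts']} failed, users tried: {sorted(s['users'])}")
    print("block candidates:", dictionary_scanners(SAMPLE_LOG))
```

A single mistyped password from a legitimate user (198.51.100.7 in the sample) stays below the threshold, so only the address cycling through many usernames is listed as a block candidate.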