Attack from a reserved address

Larry Underhill lgu at pobox.com
Thu Aug 31 12:41:24 EDT 2006


On Wed, 2006-08-30 at 18:54 -0400, Bill Horne wrote:

> P.S. I've closed the port, but anyone who wants to test it, just drop 
> me an email with your IP address.

Bill,

Dictionary attacks against sshd are really common these days. Have you
considered running sshd on a high numbered port? This simple step
eliminated these kiddie attacks against my home box. (obviously, this
doesn't prevent the more sophisticated attackers)

slightly OT: what are the general practices folks that folks take to
secure the "public" services on their home boxen? I have ssh and http
available. 

My general take is:

* firewall with ssh (on a high num port) and http open. All others are
denied.
* linux distro w/ current updates
* sshd w/ key only access and no remote root login. 
* apache w/ ServerToken and ServerSignature set so I don't broadcast
much info about my apache or platform version. 
* apache defaults to serving a blank html page. Nothing in cgi-bin. All
the sites are served by virtual hosts. Folks port scanning port 80 get
nothing. Folks who actually know the domains get served pages.
  
I also rotate passwords for root and my (one) user account. Any other
tips/tricks?

--Larry




-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the Discuss mailing list