On Wednesday 16 September 2009 06:00:21 pm Chuck Payne wrote:
> I've been getting hit real hard from China and Korea lately, and I know if they are hitting me on mail, ssh, and ftp, they've got to be hitting me in other areas.
Excellent work Chuck! (post the script when you have it ready) A couple more tips:

[[[ #1 all time tip ]]]

Move ssh to a high port!

    grep Unassigned /etc/services

and then take your pick.

Edit /etc/services and comment out the existing ssh entries for port 22 and then duplicate the ssh entries on whatever port you choose.

NOTE: EDIT YOUR FIREWALL SETTINGS TO OPEN UP THE NEW PORT FOR SSH BEFORE YOU RESTART SSH IF YOU ARE WORKING FROM A REMOTE HOST OR YOU ARE --- SCREWED!!!

Edit /etc/ssh/sshd_config and change:

    #Port 22
    Port 8302

Next, on hosts that will access ssh on the box that has ssh on the high port, either:

(a) edit the system wide /etc/ssh/ssh_config and add the new host/port definition (Host on one line followed by Port on the next line) and it will be available for all users. eg:

    Host myhost.3111skyline.com myhost
    Port 8302

(b) if you want to limit access to yourself or a few users, just create a ~/.ssh/config file with the same Host/Port entries on your workstation or the workstations for each user who will access the box where ssh was moved to the high port.

Finally,

    rcsshd restart

Then just ssh as usual. You will have no more ssh attempts from the little weasels trying to get into your box showing up in your log file.

Note: you will still need to specify the port information for sftp in kde4. For some reason it doesn't respect the ssh_config or ~/.ssh/config files.

#2 limit mail service to IMAPS (dovecot with self-signed certificates works fine)

#3 turn off anonymous ftp. Disable ftp completely until you need it. (ssh into the box and turn it on if you only use it every once in a while)

#4 Use your router to close all ports except those that are needed and then use port forwarding to limit traffic on the open ports to a single host. (this works well for turning ftp off/on as well) It's usually called port forwarding on Linksys and other consumer cable/dsl routers.

Let me know if you have any more tips as well.

--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
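
An added example, not part of the original post: a check to run before the `rcsshd restart` in tip #1, confirming that the port a client will dial for a host is one that sshd will actually listen on. The function names and sample files are constructed for illustration, and Host patterns are matched literally (no wildcards).

```shell
#!/bin/sh
# Added example: consistency check for an ssh port move (not from the post).

# Print every port sshd would listen on according to FILE: each uncommented
# "Port N" line, or the default 22 when no such line exists.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Print the port the ssh client would use for HOST according to FILE
# (ssh_config syntax). Options before the first Host line apply to every
# host; the first matching Port wins; default is 22.
client_port() {
    awk -v host="$2" '
        BEGIN { m = 1 }
        tolower($1) == "host" {
            m = 0
            for (i = 2; i <= NF; i++) if ($i == host) m = 1
            next
        }
        m && tolower($1) == "port" && !found { print $2; found = 1 }
        END { if (!found) print 22 }' "$1"
}

# Succeed only if the client's port for HOST is one that sshd listens on.
# Arguments: SSHD_CONFIG SSH_CONFIG HOST
port_move_ok() {
    want=$(client_port "$2" "$3")
    sshd_ports "$1" | grep -qxF "$want"
}

# Constructed sample files, using the host name and port from the post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#Port 22' 'Port 8302' > "$demo_dir/sshd_config"
printf '%s\n' 'Host myhost.3111skyline.com myhost' 'Port 8302' > "$demo_dir/ssh_config"
# Failure case: the new Port line was left commented out, so sshd stays on 22.
printf '%s\n' '#Port 22' '#Port 8302' > "$demo_dir/sshd_config.stale"

for conf in sshd_config sshd_config.stale; do
    if port_move_ok "$demo_dir/$conf" "$demo_dir/ssh_config" myhost; then
        echo "$conf: client and server agree"
    else
        echo "$conf: MISMATCH, sshd listens on $(sshd_ports "$demo_dir/$conf" | tr '\n' ' ')"
    fi
done
```

On a live system, `sshd -T` and `ssh -G myhost` print the effective values that OpenSSH itself computes, which also covers wildcard Host patterns.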