Mailinglist Archive: opensuse (1986 mails)

< Previous Next >
[opensuse] Results of moving ssh to a high port - Zero script kiddies in a 24 hour period.
  • From: "David C. Rankin" <drankinatty@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 27 Nov 2008 01:30:10 -0600
  • Message-id: <492E4C82.1040100@xxxxxxxxxxxxxxxxxx>
Listmates,

Moving ssh to a high port has been a resounding success at completely
eliminating the dictionary attacks against my server. And so far, I have not
had one single instance since making the change. I don't have any great
statistics, but I do have one that shows the impact very clearly. The number of
log entries per 24 hour period before and after.

Before the change (November 21) I had over 5000 ssh attempts on port
22. There
were periods where there were multiple attempts every second:

16:36 nirvana~/linux/boxes/bonza/log> wc -l < 20081121.log
5353

After the change:

16:37 nirvana~/linux/boxes/bonza/log> wc -l < 20081125.log
294

Less than 300 entries in the logs in _total_ for an entire 24 hour
period. If
you have similar issues, and your real user needs can be accommodated on a high
port, I highly recommend it.

--
David C. Rankin, J.D.,P.E. | openSoftware und SystemEntwicklung
Rankin Law Firm, PLLC | Countdown for openSuSE 11.1
www.rankinlawfirm.com | http://counter.opensuse.org/11.1/small
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >