Mailinglist Archive: opensuse (1570 mails)

< Previous Next >
Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: John Andersen <jsamyth@xxxxxxxxx>
  • Date: Sat, 03 Oct 2009 16:57:02 -0700
  • Message-id: <4AC7E4CE.6060003@xxxxxxxxx>
Roger Oberholtzer wrote:
On Sat, 2009-10-03 at 08:58 -0400, Cristian Rodríguez wrote:
On 03/10/09 09:00, Roger Oberholtzer wrote:

I am not sure how to proceed.
You can't actually proceed ;-) this is an issue with any network service
on planet earth, but you can protect yourself of being cracked by only
using public key authentication.

I was thinking more along the lines of moving my sshd to a less known
port. I access it in a controlled fashion. So, having it on a standard
port is not (I think) a requirement for me. Then, our NAT could simply
drop the sshd port accesses on the well-known port.

Roger Oberholtzer

As does port knocking.
There are some firewalls (Shorewall) that allow you to set up
port knocking, so that if you knock (ping) some arbitrary port
it will unlock some other arbitrary port for some configurable
period of time.
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >