On Sun, Mar 7, 2010 at 16:48, Erik Norgaard <norga...@locolomo.org> wrote:
> On 07/03/10 21:41, dacoder wrote:
>> has anybody suggested having sshd listen on a high port?
>
> Any number will do, think about it:
>
> a. The attacker doesn't really care which host is compromised, any will do,
> and better yet someone's home box as it is more difficult to trace him. In
> that case he will scan large ip-ranges for hosts listening on port 22.
>
> b. The attacker wants to gain control of a particular server. In that case
> he will scan all ports to see what services are running and determine which
> services are running on each port. In that case running ssh on a
> non-standard port is futile.
>
> However, I'm not really a fan of using non-standard ports for ssh, I don't
> believe it's the right solution to the problem: You have ssh access to the
> outside because people travel and need remote access. In that case they
> might find themselves under other security policies which block access to
> services deemed unnecessary. Running ssh on a non-standard port is likely to
> be blocked on the client network - unless you run on, say, port 80.
>
> The more uses you have, the more problems you will have running ssh on a
> non-standard port, the time you save checking your logs may easily be spent
> on end user support.
>
> OP referred to significant impact on bandwidth which I find difficult to
> believe. In case connections come from a single ip at a time then you should
> tweak LoginGraceTime, MaxAuthTries, MaxSessions to reduce the number of
> concurrent un-authenticated connections and slow down brute force attacks.
>
> Much better, restrict the client access to certain ranges of IPs. The
> different registries publish ip ranges assigned per country and you can
> create a list blocking countries you are certain not to visit, you can use
> my script:
>
> http://www.locolomo.org/pub/src/toolbox/inet.pl

Great script! Just one question. Where do you put the list of denied ip ranges?
> BR, Erik
>
> --
> Erik Nørgaard
> Ph: +34.666334818/+34.915211157 http://www.locolomo.org
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
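The country-based deny list Erik describes is built from the "delegated" statistics files the regional registries publish. The following is an added example, not Erik's inet.pl and not from the mailing list: it parses records in the registries' `delegated-<rir>-extended` format (`registry|cc|type|start|value|date|status`), converts each ipv4 record's address count into CIDR blocks (the count is not always a power of two, which is the part most hand-rolled scripts get wrong), and renders the result as a pf table file. The sample records, the country codes XA/XB and the table name `sshdeny` are constructed for the example.

```python
"""Build a country-based ssh deny list from RIR delegated-stats records.

Added example, not Erik's inet.pl. It reads the format the regional
registries publish as "delegated-<rir>-extended-latest":

    registry|cc|type|start|value|date|status[|extensions]

For ipv4 records `value` is an address COUNT, which is not always a
power of two, so each record is summarized into one or more CIDR blocks.
For ipv6 records `value` is already a prefix length.
"""
import ipaddress

# Constructed sample records (documentation prefixes and user-assigned
# country codes XA/XB); not real registry data.
SAMPLE_DELEGATED = """\
2|ripencc|20100307|4|19830705|20100306|+0100
ripencc|*|ipv4|*|3|summary
ripencc|*|ipv6|*|1|summary
ripencc|ES|ipv4|192.0.2.0|256|20000101|allocated
ripencc|XA|ipv4|198.51.100.0|768|20000101|allocated
ripencc|XB|ipv4|203.0.113.0|256|20000101|assigned
ripencc|XA|ipv6|2001:db8::|32|20000101|allocated
"""


def parse_delegated(text):
    """Yield (country_code, network) for every ipv4/ipv6 record.

    Version and summary header lines (fewer than 7 fields, or a type
    other than ipv4/ipv6) are skipped.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) < 7 or fields[2] not in ("ipv4", "ipv6"):
            continue
        cc, kind, start, value = fields[1], fields[2], fields[3], fields[4]
        if kind == "ipv4":
            first = ipaddress.IPv4Address(start)
            last = first + (int(value) - 1)
            # A count of 768 becomes 198.51.100.0/23 plus 198.51.102.0/24;
            # summarize_address_range does the splitting correctly.
            for net in ipaddress.summarize_address_range(first, last):
                yield cc, net
        else:
            yield cc, ipaddress.IPv6Network(f"{start}/{value}", strict=False)


def deny_ranges(text, countries):
    """Return the networks assigned to `countries`, IPv4 first, ascending."""
    wanted = {c.upper() for c in countries}
    nets = [net for cc, net in parse_delegated(text) if cc in wanted]
    # Networks of different IP versions do not compare, so sort by version first.
    return sorted(nets, key=lambda n: (n.version, n))


def render_pf_table(networks):
    """Render one CIDR per line, the layout a pf table file expects."""
    return "".join(f"{net}\n" for net in networks)


if __name__ == "__main__":
    blocked = deny_ranges(SAMPLE_DELEGATED, ["XA", "XB"])
    print(render_pf_table(blocked), end="")
```

Write the rendered output to a file such as `/etc/pf.sshdeny` (a hypothetical path) and load it in pf.conf with `table <sshdeny> persist file "/etc/pf.sshdeny"` followed by `block in quick on $ext_if proto tcp from <sshdeny> to any port ssh`. Registry allocations change over time, so regenerate the table from a fresh delegated file on a schedule rather than treating it as static; and, as Erik says, only block countries you are certain nobody will need to connect from.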