On 4/29/20 8:41 AM, Mel Beckman wrote:
Is there any reason to have a root-enabled (or any) ssh server
exposed to the bare Internet? Any at all? Can you name one? I can’t.
That’s basically pilot error.
Remember HeartBleed? That didn't require a rout-enabled SSH server. It
didn't require SSH server.
That said, I use TCPWRAPPER to limit access to SSH to specific IP
addresses. I process my LogWatch messages manually. I pull the fire
alarm for showshoe probes, and excessive number of probes (over 30 in a
24-hour period). No registered abuse@ address in the WHOIS? The
offending netblock goes into my edge router ACL, because I have learned
that ne'er-do-wells without working abuse@ usually have other bad habits.
And I disclose this practice to all who use my network.
(Blackmail emails are another set-and-forget trigger, but that's a
subject for NANAE newsgroup.)
