[vox] [fwd] ssh "attacks" - distributed slow scans - not exactly "news", but for the curious ...

Scott Miller scottlinux at gmail.com
Wed Dec 3 11:37:10 PST 2008


What are your thoughts on using /etc/hosts.deny to block ssh access
from entire geographical regions? I ran across this post which is very
curious:

http://nukecops.com/postp172318.html#172318

Scott

On Tue, Dec 2, 2008 at 05:45, Wes Hardaker <wjhns156 at hardakers.net> wrote:
>>>>>> On Mon, 1 Dec 2008 12:01:38 -0800, "Don W" <don.werve at gmail.com> said:
>
> DW> I usually configure sshd to listen on a non-standard port, at least
> DW> for any server that faces the outside world.  Doesn't do anything
> DW> against a deliberate attack, but it does help in protecting against
> DW> zero-day worms and such.
>
> Another suggestion: install the "denyhosts" package which watches for
> invalid logins and adds hosts to /etc/hosts.deny (which will block the
> remote machine from access to anything on the system that makes use of
> tcpwrappers, which is most everything these days)
>
> --
> "In the bathtub of history the truth is harder to hold than the soap,
>  and much more difficult to find."  -- Terry Pratchett
> _______________________________________________
> vox mailing list
> vox at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
>
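
The mechanism described in the quoted reply (watch the log for failed logins, then list the offending hosts in /etc/hosts.deny), as an added example that is not part of the original thread and is not the denyhosts package's own code. The log lines are constructed, the threshold of 3 and the allow-list are assumptions, and the three 198.51.100.x sources show why a per-host count does not flag a distributed slow scan.

```python
import re
from collections import Counter

# Constructed sshd log lines (not from the thread); addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Dec  1 12:00:01 gw sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Dec  1 12:00:03 gw sshd[1002]: Failed password for root from 192.0.2.10 port 40002 ssh2
Dec  1 12:00:05 gw sshd[1003]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Dec  1 12:07:44 gw sshd[1010]: Failed password for root from 198.51.100.21 port 51000 ssh2
Dec  1 12:31:09 gw sshd[1011]: Failed password for root from 198.51.100.22 port 51001 ssh2
Dec  1 12:58:30 gw sshd[1012]: Failed password for root from 198.51.100.23 port 51002 ssh2
Dec  1 13:02:10 gw sshd[1013]: Failed password for alice from 203.0.113.5 port 52000 ssh2
Dec  1 13:02:15 gw sshd[1013]: Failed password for alice from 203.0.113.5 port 52000 ssh2
Dec  1 13:02:21 gw sshd[1013]: Failed password for alice from 203.0.113.5 port 52000 ssh2
Dec  1 13:02:30 gw sshd[1013]: Accepted password for alice from 203.0.113.5 port 52000 ssh2
"""

# The user name is chosen by the remote side, so take the address from the
# fixed tail of the line rather than from the first "from" that appears.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def count_failures(log_text):
    """Return a Counter of failed password attempts per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def hosts_deny_entries(log_text, threshold=3, allow=()):
    """Build hosts.deny lines for sources at or over threshold, skipping allow-listed ones."""
    hits = count_failures(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(hits.items())
            if n >= threshold and ip not in allow]

if __name__ == "__main__":
    # 203.0.113.5 stands in for an administrator's own address (assumption): never block it.
    for entry in hosts_deny_entries(SAMPLE_LOG, allow={"203.0.113.5"}):
        print(entry)
    # Sources that stay under the threshold, including the one-attempt-per-host scan.
    low = sorted(ip for ip, n in count_failures(SAMPLE_LOG).items() if n < 3)
    print("below threshold:", low)
```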

