Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2006 Jun 17 12:43

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.


Re: [vox-tech] Why change default ssh port?



Ryan wrote:
> On Monday 12 June 2006 12:27 pm, Rick Moen rick-at-linuxmafia.com |lugod| 
> wrote:
>   
>> Quoting Micah J. Cowan (micah@cowan.name):
>>     
>>> This seems a /bit/ harsh. And MB does make a valid point that the ROI on
>>> simply shifting the ports is somewhat impressive.
>>>       
>> "Return" in this context, on a properly maintained and administered
>> system, means "reduce from near-zero to near-zero".
>>
>> Of course, many people in practice measure "return" by "number of lines
>> per logcheck report to obsess over, because I'm really new to this
>> security thing and worry a lot".
>>     
>
> I run SSH on a port that is not 22 as well, for the simple reason that I do 
> not want to see the infernal bot probings show up in my log files on boxes 
> that I cannot firewall to only allow access from specific networks.  And it 
> will prevent wide scale untargeted automated attacks.  Certainly it is no 
> substitute for patching and proper configuring of SSH, but IMHO it is worth 
> doing, as long as you keep in mind that if there's an exploit in SSHd it's 
> not a fix, and at most will prevent the dumber script kiddies from owning 
> your box.
>
>   
While all my machines run sshd on port 22, I have had some level of
success with running DenyHosts. This is Python-based and looks for
patterns of repeated login attempts and failures in the log and places
those hosts in the /etc/hosts.deny file. Interestingly, most IPs on that
list are APNIC ones.

So far, I haven't had any reports of false positives, where a legitimate
user got blocked out for repeat attempts at login with wrong passwords.

http://opensource.sfsu.edu/node/122

Sameer

-- 
Dr. Sameer Verma, Ph.D.
Asst. Professor of Information Systems
San Francisco State University
San Francisco CA 94132 USA
http://verma.sfsu.edu/
http://opensource.sfsu.edu/
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
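
Added example, not part of the post above and not DenyHosts' own code: a small Python sketch of the approach the post describes, counting failed sshd logins per source address and producing /etc/hosts.deny entries. The function name, threshold, allow list, reset-on-success behaviour and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# The user name is text chosen by the remote client, so both patterns are
# anchored at end of line and take the address from the final "from ... port".
_TAIL = r" from (?P<ip>\S+) port \d+(?: ssh2)?$"
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.*" + _TAIL)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .*" + _TAIL)

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Jun 12 12:01:01 host sshd[101]: Failed password for root from 203.0.113.9 port 4001 ssh2
Jun 12 12:01:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.9 port 4002 ssh2
Jun 12 12:01:05 host sshd[103]: Failed password for invalid user x from 198.51.100.7 from 203.0.113.9 port 4003 ssh2
Jun 12 12:02:00 host sshd[104]: Failed password for alice from 192.0.2.44 port 5001 ssh2
Jun 12 12:02:09 host sshd[105]: Failed password for alice from 192.0.2.44 port 5002 ssh2
Jun 12 12:02:20 host sshd[106]: Accepted password for alice from 192.0.2.44 port 5003 ssh2
""".splitlines()

def hosts_to_deny(lines, threshold=3, allow=()):
    """Return hosts.deny lines for sources with at least `threshold` failures."""
    failures = Counter()
    for line in lines:
        line = line.rstrip()
        ok = ACCEPTED.search(line)
        match = ok or FAILED.search(line)
        if not match:
            continue
        try:
            # IPv4 only in this sketch; anything else is skipped, never written out.
            ip = str(ipaddress.IPv4Address(match.group("ip")))
        except ValueError:
            continue
        if ok:
            failures.pop(ip, None)  # a successful login clears earlier mistyped passwords
        elif ip not in allow:
            failures[ip] += 1
    return [f"sshd: {ip}" for ip, n in sorted(failures.items()) if n >= threshold]

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE_LOG)))
```

The reset on a successful login and the allow list are the two knobs that address the false-positive case mentioned in the post, a legitimate user who mistypes a password a few times.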


