On Thu, 2005-02-10 at 09:08 -0700, Colin Anderson wrote:
> >The hack came in through ssh.
>
> IMO, your best defence is an extremely strong root password; I am often
> mortified by looking at my logs and seeing all of the login attempts through
> SSH.
>
> OT: I am not up on Linux script-kiddie type tools, but I assume that there
> is a script of some sort that automates SSH probes. Can anyone suggest a
> good counter i.e. honeypot or throttling logon attempts. Yes, I know I can
> google it, but I'd rather hear the opinion of real Linux experts rather than
> the "experts" at About.com.

First, turn off root access from ssh. That is the first problem. Root should never be allowed to log in except on console.

Second, become familiar with su or sudo. Once you learn to log in as your user and use su to become root, you learn that you have about three times as long of a root password. The first portion being a valid username, the second portion being a password for that username, and the third portion is either a root password or a valid local root exploit code.

Recently the topic of brute force ssh attacks came up on our Linux users group mailing list. The best option we had suggested was to do the above, then move ssh to a non-standard port. Most scripts that are going to attack you are not going to consider the possibility that you are on a non-standard port. Either you answer where they expect or they move on.

--
Steven Critchfield <[EMAIL PROTECTED]>
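
The two sshd settings recommended in the reply above (no root login over ssh, no listener on the standard port), checked against the text of an `sshd_config`; this is an added example, not part of the original message. The sample configs are constructed, and the parser is a simplified assumption: whitespace-separated keywords only, no `Include` handling, and everything after a `Match` line is treated as conditional.

```python
# Constructed sample: "PermitRootLogin no" was appended at the bottom,
# but sshd keeps the first value it reads for a keyword.
APPENDED_FIX = """\
Port 22
PermitRootLogin yes
PermitRootLogin no
"""

# Constructed sample: global settings follow the advice, a Match block undoes it.
MATCH_OVERRIDE = """\
Port 2222
permitrootlogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

def parse_sshd_config(text):
    """Return (global options, [(match condition, options)]); keywords lowercased."""
    opts, matches, block = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":                   # settings after this line are conditional
            block = {}
            matches.append((value, block))
        elif block is not None:
            block.setdefault(key, value)
        elif key == "port":                  # Port may be given more than once
            opts.setdefault("port", []).append(value)
        else:
            opts.setdefault(key, value)      # first value wins, later ones are ignored
    return opts, matches

def audit(text):
    """List deviations from: no root login over ssh, no listener on port 22."""
    opts, matches = parse_sshd_config(text)
    findings, root = [], opts.get("permitrootlogin", "unset")
    if root.lower() != "no":
        findings.append(f"PermitRootLogin {root}: root login over ssh is not explicitly disabled")
    for cond, block in matches:
        val = block.get("permitrootlogin", "no")   # absent means the global value applies
        if val.lower() != "no":
            findings.append(f"Match {cond}: PermitRootLogin {val}")
    if "22" in opts.get("port", ["22"]):           # sshd listens on 22 when Port is absent
        findings.append("Port 22: sshd listens on the standard port")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser here only shows why a file that looks fixed may not be.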
