On Tuesday 21 August 2012 08:09:22 lina wrote: > On Tuesday 21,August,2012 07:48 PM, Eike Lantzsch wrote: > > On Monday 20 August 2012 09:59:47 lina wrote: > >> Hi, > >> > >> I ssh to a server which has 400+ users, active ones around 100. > >> > >> Frankly speaking, I would feel comfortable to hide my IP if possible, > >> > >> any suggestions (I checked the spoof, but seems not positive), > >> > >> Thanks with best regards, > > > > Hi lina! > > > > I followed the thread and I wonder why nobody recommended to change sshd > > to listen on any other port than 22, e.g. 2424. That will calm down most > > attacks / probing of ssh. > > That's very nice of you, I guess default many people had already changed > that port, and they thought I would have realized that earlier it's one > way of facing it. > > Well, I just made the change to the sshd_config to some other port and > also changed the iptables. > > > Also I wondered why nobody recommended to install DenyHosts? > > will install it. > > > I installed it on my OpenBSD gateway and it is quite funny to see which > > usernames and passwords are tried to get into the box. > > That was with sshd still listening on port 22. Now that it is on another > > port there were no probes whatever for about a year. Stupid hacking! > > > > Of course you need to inform your ssh users of the change. If the same > > machines on your own network still attack ssh than it should be easy to > > figure out which machine is doing that by looking at the MAC-address. > > quite interesting, how can I know its MAC address. arp -a
and do have a look at http://denyhosts.sourceforge.net/ > > Today I sent the email to administrator, here quote what he answered > me:"Do you wish to change password just to be sure? Once you change, you > let me know, I'll rsync all the password file. It could be a robot." > " > So I think it's better not bother him much. he didn't talk the questions > I asked and he referred that I should change password of those servers. > > Best regards, and also thanks all for your time and valuable suggestions, > Again kind regards, Eike -- Eike Lantzsch ZP6CGE Casilla de Correo 1519 1209 Asuncion / Paraguay -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201208210828.33545.zp6...@gmx.net
