[nSLUG] Bell FibreOP port blocking

Vlado Keselj vlado at dnlp.ca
Sat Oct 10 17:44:27 ADT 2015


I still see quite a few ssh attacks.  I recently checked on a server
to find out that it had an ssh attack going on from an IP number (or a
small variation of it) for the last 4 months, with almost 30,000 attempts
per day.  I set iptables rules for these IP numbers to DROP permanently
(for a while), and added the rules to drop the packets from an IP number
if too many attempts are made at SSH in a short time period.  These are
actually quite nice rules that I would highly recommend.

Vlado

On Sat, 10 Oct 2015, George N. White III wrote:

> On Sat, Oct 10, 2015 at 11:36 AM, Eugene Cormier <eugene.cormier at gmail.com> wrote:
>       On Sat, Oct 10, 2015 at 02:26:54PM -0300, D G Teed wrote:
>       >[...]
>       >
>       > SSH is best for home servers to run on an alternate port anyway, or you will
>       > have brute force attempts hammering the system 24x7.
>
>       I put my ssh port to 443 so that I can connect from hotels and the
>       like....
>
>       Eugene
>
>
> Some corporate networks allow outgoing traffic on a few "standard" ports, so
> ssh may have to use 22.   In my experience, the level of brute force attacks
> has gone down in recent years. 
>  
> --
> George N. White III <aa056 at chebucto.ns.ca>
> Head of St. Margarets Bay, Nova Scotia
>
>
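
A sketch of the two kinds of rules the message above describes (a fixed drop list plus a per-source limit on new SSH connections), as an added example that is not from the original post or its author. The chain name SSHGUARD, the thresholds and the sample addresses are assumptions, and it uses the iptables `recent` match, which the message does not name.

```shell
#!/bin/sh
# Added example (not from the original post). Prints an iptables-restore
# fragment; chain name, thresholds and addresses are assumptions.

# Shape check only: digits, dots and an optional /0-32 prefix, so a
# malformed blocklist entry cannot smuggle extra text into a rule line.
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Usage: ssh_guard_rules PORT SECONDS HITCOUNT [ADDR_OR_CIDR...]
ssh_guard_rules() {
    [ "$#" -ge 3 ] || { echo "usage: ssh_guard_rules PORT SECONDS HITCOUNT [ADDR...]" >&2; return 1; }
    for n in "$1" "$2" "$3"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    port=$1 seconds=$2 hits=$3
    shift 3

    echo '*filter'
    echo ':SSHGUARD - [0:0]'
    # Only NEW connections to the SSH port are inspected, so sessions that
    # are already established are not touched by these rules.
    echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSHGUARD"
    # Fixed drops for sources already known to be hammering the server.
    for addr in "$@"; do
        if is_ipv4_cidr "$addr"; then
            echo "-A SSHGUARD -s $addr -j DROP"
        else
            echo "skipping invalid entry: $addr" >&2
        fi
    done
    # Record each new connection per source address, then drop the source
    # once it reaches HITCOUNT new connections within SECONDS. --update
    # refreshes the timer on every dropped attempt, so a source that keeps
    # trying stays blocked.
    echo "-A SSHGUARD -m recent --name ssh --set"
    echo "-A SSHGUARD -m recent --name ssh --update --seconds $seconds --hitcount $hits -j DROP"
    echo 'COMMIT'
}

# Constructed sample (documentation address ranges); review the output, then
# load it as root by piping it to: iptables-restore --noflush
# ssh_guard_rules 22 60 4 203.0.113.7 198.51.100.0/24
```

The jump is appended to INPUT, so it only takes effect if no earlier rule already accepts the SSH port, and the thresholds need to leave room for legitimate bursts such as scripted scp or rsync runs.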

