[nSLUG] Bell FibreOP port blocking

D G Teed donald.teed at gmail.com
Sat Oct 10 19:07:07 ADT 2015


Don't bother trying to protect yourself manually.  There are thousands of these
systems on botnets and compromised systems which will attack by brute force
script kiddies.

Use denyhosts or fail2ban.  It will automate finding attempts on the
logs and block them.

On Sat, Oct 10, 2015 at 5:44 PM, Vlado Keselj <vlado at dnlp.ca> wrote:
>
> I still see quite a few ssh attacks.  I recently checked on a server
> to find out that it had an ssh attack going on from an IP number (or a
> small variation of it) for the last 4 months, with almost 30,000 attempts
> per day.  I set iptables rules to for these IP numbers to DROP permanently
> (for a while), and added the rules to drop the packets from an IP number
> if too many attempts are made at SSH in a short time period.  These are
> actually quite nice rules that I would highly recommend.
>
> Vlado
>
> On Sat, 10 Oct 2015, George N. White III wrote:
>
>> On Sat, Oct 10, 2015 at 11:36 AM, Eugene Cormier <eugene.cormier at gmail.com> wrote:
>>       On Sat, Oct 10, 2015 at 02:26:54PM -0300, D G Teed wrote:
>>       >[...]
>>       >
>>       > SSH is best for home servers to run on an alternate port anyway, or you will
>>       > have brute force attempts hammering the system 24x7.
>>
>>       I put my ssh port to 443 so that I can connect from hotels and the
>>       like....
>>
>>       Eugene
>>
>>
>> Some corporate networks allow outgoing traffic on a few "standard" ports, so
>> ssh may have to use 22.   In my experience, the level of brute force attacks
>> has gone down in recent years.
>>
>> --
>> George N. White III <aa056 at chebucto.ns.ca>
>> Head of St. Margarets Bay, Nova Scotia
>>
>>
>
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
>


More information about the nSLUG mailing list