At 11:20 AM 12/3/01 -0800, Armando B. Ortiz wrote: >Per se, I have not seen anyone attacking my systems in general via SSH, >but I only allow limited access to my servers via any type of remote >login facility. > >Firewalling your SSH and only allowing connections into it that you want >might help to curb some of the attacks people are seeing. It's not very >difficult to do...just takes a little time. Good point. How many people need to allow SSH from the entire world? Setting up a firewall to only allow SSH from a few select static IPs is a much better idea. If that can't be done, at least limit allowed source IPs to the subnet that the remote user's ISP hands out via DHCP. (Most ISPs will at least provide this info, if they won't provide a static IP) SSH is a really useful tool, but is also a potentially very nasty single point of failure on many networks. Adam Manock ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 07:40:17 PST