Re: ssh scans

To: jruohonen%iki.fi@localhost
Subject: Re: ssh scans
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Tue, 27 Oct 2009 04:58:09 -0400


On Oct 27, 2009, at 2:22 AM, Jukka Ruohonen wrote:

On Mon, Oct 26, 2009 at 12:42:57PM -0700, David Wetzel wrote:
I am seeing a lot of ssh scans and I am wondering if somebody has a
solution like adding the bad hosts temporary to pf.conf or so?
If you are from a smaller country and login only from that location,
something like

ALL     : localhost     : ALLOW
sshd    : .fi           : ALLOW
ALL     : ALL           : DENY
in hosts.allow(5) and "ALL : ALL" in hosts.deny(5) works quitereasonably.
- Jukka.
P.S. I believe that often this eternal issue is more about log spamratherthan about any real security threat. As for the special tools othershave
proposed, keep in mind that these tools have historically introduced
security issues themselves.

That depends on how bad your users are with password choices. Some ofmy students lost some VMs to attackers who got in via just thismechanism.


Me -- I permit public key authentication only.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: ssh scans
  - From: Greg A. Woods

References:
- ssh scans
  - From: David Wetzel
- Re: ssh scans
  - From: Jukka Ruohonen

Prev by Date: Re: ssh scans
Next by Date: RE: Re: Error compiling ndis_driver_data.h for Broadcom BCM4315
Previous by Thread: Re: ssh scans
Next by Thread: Re: ssh scans
Indexes:

Home | Main Index | Thread Index | Old Index