D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Server got hacked


On 25 November 2013 16:15, bad apple <mr.meowski@xxxxxxxx> wrote:

Simon, you'd probably be interested in this, if you haven't seen it already:


Amongst other things, he points out that moving SSH ports is a waste of
time - if you can't lock down your SSH service properly in the first
place, a non-standard port isn't going to help!

I've personally seen countless attempts by botnets sniffing for SSH on
non-standard ports across my systems.

That's interesting, and clearly he's done more research than I. I ran kippo on a DMZ vm for a month or so, but there were zero attempts on non-port 22 by these bots.

My conclusions were based on a snapshot (until I got bored!) two and half years ago, so likely my advice /is/ outdated by now and concede my soapbox to anyone like yourself with more current knowledge!

I forgot one other thing in my list - restrict source IP on the port-forward rule in NAT. A luxury I can afford since I know I'll be coming from one of a few static IPs.  That's the main reason I don't have more useful stats on any production boxes.

My wibblings on the subject;


Incidentally, with a user of "root" and a cunning password of, wait for it, "root" - very few bots got through during this month. Enough for curiosity though.

The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq