[H-SASIG] Proposed changes to Excalibur
Robert Brockway
robert at timetraveller.org
Thu Dec 3 01:27:44 EST 2009
On Mon, 30 Nov 2009, Russell Stuart wrote:
> True in a strict sense. But if you run your eye over the logs looking
> for something odd at the moment you will have a hard time seeing it
> because of all the noise generated by the hammering we get on port 22.
> It annoys me immensely.
But if you have problems with people probing port 22 there are plenty of
better solutions.
Better options include:
* Statically blocking access at a firewall
* Disabling password access and using key auth only
* Using fail2ban or a similar tool to dynamically block probes
* Port knocking
Changing the port causes problems with access [1]. People who may need
access can't infer the port. They would need to port scan or be told what
it is. In addition, having non-standard ports causes problems with access
through firewalls, as evidenced by the reports of problems with access from
Humbug.
[1] Oh how I wish more software supported DNS SRV records.
Cheers,
Rob
--
I tried to change the world but they had a no-return policy
http://www.practicalsysadmin.com
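The third option above, fail2ban-style dynamic blocking, as an added example that is not part of the original message or of fail2ban itself: the script scans constructed sshd auth-log lines, counts failed password attempts per source address inside a sliding time window, and returns the addresses that cross the threshold. The hostname, addresses and timestamps are constructed; the `maxretry` and `findtime` names mirror fail2ban's settings, but the logic is a simplified reimplementation.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape of the failure lines sshd writes to the auth log (syslog format):
# "Dec  3 01:20:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

SAMPLE_LOG = [  # constructed sample lines, not taken from any real host
    "Dec  3 01:20:01 excalibur sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Dec  3 01:20:03 excalibur sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
    "Dec  3 01:20:05 excalibur sshd[4105]: Failed password for root from 203.0.113.5 port 51240 ssh2",
    "Dec  3 01:20:08 excalibur sshd[4107]: Failed password for invalid user test from 203.0.113.5 port 51241 ssh2",
    "Dec  3 01:20:10 excalibur sshd[4109]: Failed password for root from 203.0.113.5 port 51245 ssh2",
    "Dec  3 01:21:00 excalibur sshd[4111]: Failed password for rob from 198.51.100.7 port 40001 ssh2",
    "Dec  3 01:25:30 excalibur sshd[4120]: Accepted publickey for rob from 198.51.100.7 port 40002 ssh2",
    "Dec  3 09:30:00 excalibur sshd[5001]: Failed password for rob from 198.51.100.7 port 40100 ssh2",
]

def parse_failures(lines, year=2009):
    """Yield (timestamp, source_ip) for each failed-password line; other lines are ignored.
    Syslog lines carry no year, so one is supplied by the caller."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip")

def sources_to_ban(lines, maxretry=5, findtime=600):
    """Return the set of source IPs with at least maxretry failures inside any findtime-second window."""
    per_ip = defaultdict(list)
    for ts, ip in parse_failures(lines):
        per_ip[ip].append(ts)
    banned = set()
    window = timedelta(seconds=findtime)
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0  # left edge of the sliding window over this IP's failures
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= maxretry:
                banned.add(ip)
                break
    return banned
```

A real deployment would feed the returned addresses to the firewall (fail2ban does this with iptables actions) and expire the bans after a set time; the legitimate user at 198.51.100.7, with one typo hours apart, is left alone.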