Re: [SLUG] Crack Attempts

From: Ian C. Blenke (icblenke@nks.net)
Date: Fri Jul 15 2005 - 16:20:16 EDT


Chuck Hast wrote:

>My problem there is I have several who are working off of .no-ip.com or
>similar addresses I will see how the domain name works for them, if that
>works then I just have to get data on additional users as they come on
>line. My original fix was to send them directly to the application, i.e. when
>they log in they go direct to the app they are going to be working with.
>no system command line, just the app.
>
I hate to recommend security by obscurity, but configuring sshd to
listen on another port (and block "worldwide" connections to port 22)
would cut down on the number of "door knockers". Granted, the port is
still there, but most script kiddies won't care to try to connect to
every open port on your box to find the SSH banner before running their
most likely pre-canned brute-force ssh login guessing script.

What really drives me nuts is having sshd error out and randomly die due
to the entropy pool being exhausted by those incessant connections by
more aggressive script kiddies.

 - Ian C. Blenke <icblenke@nks.net>

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.


