[PLUG] sshd attacks
Elliott Mitchell
ehem at m5p.com
Mon Jan 10 20:13:55 UTC 2005
>From: Matt Alexander <lowbassman at gmail.com>
> Josh Orchard wrote:
> >Thanks all. I see I either have to write a script to read the logs
> >and place in the iptables filter or do it manually or just forget
> >about it and let it be.
> >
> >I suppose I could just limit which ip is allow to ssh into the box.
> >That would surely slow down the attacks but also limits my ability to
> >connect to the box when I travel as my laptop changes ip as I move.
> >Too bad you can't get a fix but mobile IP number. Hmm. I'll have to
> >think about that one.
>
> You could also setup Port Knocking to only open port 22 after a
> successful knock.
>
> http://techrepublic.com.com/5100-22_11-5481894.html
Thing is port knocking merely amounts to another password. An interesting
one, but still simply a password. If port knocking was to become really
popular, the scripts would simply start attempting to attack it. Like
passwords, port knocking is completely vulnerable to sniffing.
--
(\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/)
\ ( | EHeM at gremlin.m5p.com PGP 8881EF59 | ) /
\_ \ | _____ -O #include <stddisclaimer.h> O- _____ | / _/
\___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
More information about the PLUG
mailing list