[TriEmbed] TriEmbed Digest, Vol 55, Issue 5

[Alex Davis]

> 
> Message: 1
> Date: Thu, 7 Dec 2017 16:33:23 -0500
> From: Brian <triembed at undecidedgames.net>
> To: triembed at triembed.org
> Subject: Re: [TriEmbed] [TAR] PiTunnel
> Message-ID: <5A29B3A3.3000106 at undecidedgames.net>
> Content-Type: text/plain; charset=windows-1252; format=flowed
> 
> If you want to cut down on the amount of hammering your SSH server gets 
> from the world at large (and it will get hammered, trust me[0]), you can:
> 
> - Set up firewall rules that block attempts from anywhere but places you 
> expect to be (at a risk of being locked out if you're somewhere new), or
> - Configure SSH to listen on a nonstandard port [1]
> 
> I use a combination of both: my more-secure system has firewall rules, 
> but another system accepts connections on a non-standard port.  Then, if 
> needed, I can connect to the secondary system with a key, from anywhere, 
> and open a hole in the firewall if necessary.
> 
> 

You can also set up fake ports that scanners like which will hold open connections and slow them down considerably:
https://www.symantec.com/connect/articles/slow-down-internet-worms-tarpits <https://www.symantec.com/connect/articles/slow-down-internet-worms-tarpits>

There’s also denyhosts, which blacklists source IPs which try to log on to your host too many times: http://denyhosts.sourceforge.net <http://denyhosts.sourceforge.net/>

Don’t bother sending your self alerts on port scans, they are extremely common and you will drive yourself nuts.

Alex


|\ |  (¯  \/ |¯\  |V| |\ ¯|¯ |¯) | \/ | | | |¯\ (¯   /¯  /\ |V|
|-||_ (_  /\ |_/ @| | |-| |  | \ | /\ |^| | |_/ (_ . \_  \/ | |







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.triembed.org/pipermail/triembed_triembed.org/attachments/20171208/62f5c422/attachment.htm>