On Tue, 2005-09-06 at 20:16, Maciej ?enczykowski wrote: > Instead of keeping the ssh port open, use something like the following: > > -A INPUT -p tcp --dport SECRETPORT# -m recent --set > -A INPUT -p tcp --dport ssh -m state --state NEW -m recent --update > --seconds 43200 -j ACCEPT > > and then before ssh'ing in from outside telnet the SECRETPORT# on the > machine in order to open the ssh port for the next 12 hours. > Gets rid of script kiddies. Or just move the ssh port to another port number. I also got tired of all the log file activity. Moved ssh to another port and have not seen any of that traffic since then.
Paranoid Firewalling
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Paranoid Firewalling
- From: webid at cfl.rr.com (Scot L. Harris)
- Date: Wed Sep 7 00:50:52 2005
- In-reply-to: <Pine.LNX.4.63.0509070215300.7081@xxxxxxxxxxxxxxxx>
- References: <431DCFBE.60005@xxxxxxxxxx> <1126030074.32135.86.camel@xxxxxxxxxxxxx> <431DE114.40807@xxxxxxxxxx> <431E0462.8060206@xxxxxxxxx> <431E18CA.8080307@xxxxxxxxxx> <431E3047.2030606@xxxxxxxxxx> <Pine.LNX.4.63.0509070215300.7081@xxxxxxxxxxxxxxxx>
- References:
- Paranoid Firewalling
- From: Kirk Bocek
- Paranoid Firewalling
- From: Scot L. Harris
- Paranoid Firewalling
- From: Kirk Bocek
- Paranoid Firewalling
- From: Alex White
- Paranoid Firewalling
- From: Kirk Bocek
- Paranoid Firewalling
- From: Sam Drinkard
- Paranoid Firewalling
- From: Maciej Żenczykowski
- Paranoid Firewalling
- Prev by Date: /var/log/lastlog on x86_64
- Next by Date: Paranoid Firewalling
- Previous by thread: Paranoid Firewalling
- Next by thread: Paranoid Firewalling
- Index(es):
 |