Re: Server Probing

On 29/01/13 17:18, Florez, Nestor wrote:
Hi,

I apologize if this is the wrong place to ask about probing.

Some of our servers were probed back on the 24th of January
by these IP addresses

And in the last 24 hours by these IP addresses


I have been getting a lot more server probing messages than usual.
I was wondering how do you handle it?
What do you look for on your server to see if there are problems?

Any ideas will be appreciated.

Thanks!!!!

Né§t☼r

Apart from fail2ban and the other suggestions, what I tend to do is to have in the DMZ a system to ssh into the rest of my system (commonly referred to as a bastion host: http://en.wikipedia.org/wiki/Bastion_host). To quickly visualize this, you have:

Internet<->Firewall/DMZ (bastion host)<->Protected Network (Server1, Server2, ...Server n)

The idea is that only the Firewall/DMZ has port 22 open. You then have to do an extra SSH to get to the Server boxes. If you set up SSH keys to the bastion host instead of passwords, then that would be easier. So, you protect the rest of the network by avoiding people probing your servers, and you can reach them anytime you want by means of an extra SSH.

GM

Best regards,

--
George Magklaras PhD
RHCE no: 805008309135525
Head of IT/Senior Systems Engineer
Biotechnology Center of Oslo and
the Norwegian Center for Molecular Medicine/
Vitenskapelig Databehandling (VD) -
Research Computing Services

EMBnet TMPC Chair

http://folk.uio.no/georgios
http://hpc.uio.no

Tel: +47 22840535

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
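
A configuration sketch of the bastion layout described in the reply above, added here as an example and not part of the original thread. Host names, the `admin` account, the key path and the 192.0.2.10 address are placeholders, and `ProxyJump` requires OpenSSH 7.3 or later.

```sshconfig
# --- Client: ~/.ssh/config ---
# All names, paths and addresses below are placeholders.
Host bastion
    HostName bastion.example.org
    User admin
    # Key-based login to the bastion instead of a password
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes

Host server1 server2
    User admin
    # The "extra SSH" hop, done transparently (OpenSSH 7.3+).
    # On older clients: ProxyCommand ssh -W %h:%p bastion
    ProxyJump bastion

# --- Bastion (DMZ): /etc/ssh/sshd_config ---
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowUsers admin
# ProxyJump needs TCP forwarding; limit it to SSH on the inner servers
AllowTcpForwarding yes
PermitOpen server1:22 server2:22
# The jump does not need agent or X11 forwarding
AllowAgentForwarding no
X11Forwarding no

# --- Server1..n (protected network): /etc/ssh/sshd_config ---
PasswordAuthentication no
PermitRootLogin no
# Accept logins only when the connection arrives from the bastion
# (192.0.2.10 is a placeholder for its inside address)
AllowUsers admin@192.0.2.10
```

The firewall still has to keep port 22 on the protected servers unreachable from the Internet; the `AllowUsers` restriction on those servers is a second check, not a substitute for it.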


