Very good suggestion Georgios! For me this structure is similar to VPN. On Thu, Jan 31, 2013 at 2:42 PM, Georgios Magklaras <georgios@xxxxxxxxxxxxx>wrote: > On 29/01/13 17:18, Florez, Nestor wrote: > >> Hi, >> >> I apologize is this is the wrong place to ask about probing. >> >> Some of our servers were probed back on the 24th of January >> By these IP addresses >> 177.73.233.241 >> 216.70.90.155 >> 5.9.120.22 >> 64.131.79.194 >> 64.147.170.17 >> 91.121.154.81 >> 91.121.161.131 >> 94.23.104.140 >> >> And in the last 24 hours by these IP addresses >> 168.144.28.111 >> 176.9.220.214 >> 178.210.163.150 >> 184.107.226.10 >> 208.116.60.208 >> 62.75.182.85 >> 80.13.187.24 >> 91.121.154.81 >> 91.121.162.58 >> 95.211.25.18 >> >> >> I been getting a lot more server probing messages than usual >> I was wondering how do you handle it? >> What do you look for on your server to see if there are problems? >> >> Any ideas will be appreciated. >> >> Thanks!!!! >> >> Né§t☼r >> >> Apart from fail2ban and the other suggestions, what I tend to do is to > have in the DMZ a system to ssh into the rest of my system (commonly > referred to as bastion host: http://en.wikipedia.org/wiki/**Bastion_host<http://en.wikipedia.org/wiki/Bastion_host>). > To quickly visualize this, you have: > > Internet<->Firewall/DMZ (bastion host)<->Protected Network (Server1, > Server2, ...Server n) > > The idea is that only the Firewall/DMZ has port 22 open. You then have to > do an extra SSH to get to the Server boxes. If you setup SSH keys to the > bastion host instead of passwords, then that would be easier. So, you > protect the rest of the network by avoid people probing your servers and > you can reach them anytime you want by means of an extra SSH. > > GM > > Best regards, > > -- > -- > George Magklaras PhD > RHCE no: 805008309135525 > Head of IT/Senior Systems Engineer > Biotechnology Center of Oslo and > the Norwegian Center for Molecular Medicine/ > Vitenskapelig Databehandling (VD) - > Research Computing Services > > EMBnet TMPC Chair > > http://folk.uio.no/georgios > http://hpc.uio.no > > Tel: +47 22840535 > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@**redhat.com<redhat-list-request@xxxxxxxxxx> > ?subject=unsubscribe > https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list> > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
