Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
I see in my logwatch that there are about 1,000 attempts a day to brute force into my server. Is there anything I can do to stop this?
I also notice that the attempts are on weird ports like 2232 but are SSH brute force attempts. I thought that SSH was on port 22? :confused:
Brute Force Attacks
Started by
Guest_Wanch_*
, Oct 15 2007 04:58 PM
5 replies to this topic
Back to top|
|
|
#2
Guest_Lop_*
Posted 16 October 2007 - 12:02 PM
Guest_Lop_*
Guest_Lop_*
-
- Guests
About all you can do is ban their IP address from your server. I'm not sure about the ports, that is kind of weird.
#3
Guest_KernelKorn_*
Posted 16 October 2007 - 06:58 PM
Guest_KernelKorn_*
Guest_KernelKorn_*
-
- Guests
Is that port currently in use? IVS video default, that is I think. If the port isn't in use, could you also block that as well as doing an IP block?
#4
Guest_powerspike_*
Posted 16 October 2007 - 11:45 PM
Guest_powerspike_*
Guest_powerspike_*
-
- Guests
mabye that port # might of been the source port and not the destination, if you changed to using server keys instead of passwords you could pretty much disable password auth on the server =)
#5
Guest_Lop_*
Posted 17 October 2007 - 05:08 AM
Guest_Lop_*
Guest_Lop_*
-
- Guests
I've never been able to get SSH keys to work per user, only with root. How is it done with a single user?
#6
Guest_powerspike_*
Posted 17 October 2007 - 03:39 PM
Guest_powerspike_*
Guest_powerspike_*
-
- Guests
personaly, i'm not sure - i haven't used keys myself, my workmate has set them all up, i usally just lock down ssh to ip address ranges that i know i will be accessing from, and just just a DROP rule for the rest of the incoming traffic (i also have shell access on a few severs, so i cam relay in if needed as well). i think that is the most secure way of doing it, only allowing traffic from trusted sources and droping the rest.
to each their own !
to each their own !
