OffTopic? protecting ssh
Christos Ricudis
ricudis at komodino.itc.auth.gr
Fri Dec 2 09:22:44 EET 2011
On 11/30/2011 06:00 PM, Nick Demou wrote:
> so that the young learn and the old don't forget:
>
> I accidentally left a server with ssh listening on port 22 from the
> internet and today I found a logwatch report of 1600 login
> attempts per hour...(!!!)
>
>
Did any of them succeed? :P
I think this is one of the cases where tarpitting is called for:
TARPIT
Captures and holds incoming TCP connections using no local
per-connection resources. Connections are accepted, but immediately
switched to the persist state (0 byte window), in which the remote side
stops sending data and asks to continue every 60-240 seconds.
Attempts to close the connection are ignored, forcing the remote side to
time out the connection in 12-24 minutes.
(Please note: This target requires kernel support that might not
be available in official Linux kernel sources or Debian's packaged
Linux kernel sources. And if support for this target is available for
the specific Linux kernel source version, that support might not be
enabled in the current Linux kernel binary.)
This offers similar functionality to LaBrea
<http://www.hackbusters.net/LaBrea/> but doesn't require dedicated
hardware or IPs. Any TCP port that you would normally DROP or REJECT
can instead become a tarpit.
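
The following is an added example, not part of the original post. It prints iptables commands that accept SSH from one admin range and send every other source to TARPIT, falling back to DROP when the target is unavailable, as the quoted note warns it may be. Assumptions: the admin range is a constructed sample value, the kernel module is named xt_TARPIT as packaged by xtables-addons, and the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print iptables commands that accept SSH from one admin
# range and tarpit every other source on that port.
# ADMIN_NET is a constructed sample value (TEST-NET-1); set your own.
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"
SSH_PORT="${SSH_PORT:-22}"

# True when both the userspace extension and the kernel module are present.
# Assumes the xtables-addons packaging, where the module is named xt_TARPIT.
have_tarpit() {
    iptables -j TARPIT --help >/dev/null 2>&1 &&
        modprobe -n xt_TARPIT >/dev/null 2>&1
}

# ssh_rules TARGET: emit the rule set for TARGET (TARPIT or DROP).
ssh_rules() {
    target="$1"
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -s $ADMIN_NET -j ACCEPT"
    if [ "$target" = "TARPIT" ]; then
        # Skip connection tracking for tarpitted flows so that held
        # connections do not occupy conntrack table entries.
        echo "iptables -t raw -A PREROUTING -p tcp --dport $SSH_PORT ! -s $ADMIN_NET -j CT --notrack"
    fi
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -j $target"
}

# Fall back to DROP when TARPIT support is missing on this host.
if have_tarpit; then target=TARPIT; else target=DROP; fi
ssh_rules "$target"
```

Rule order matters: the ACCEPT for the admin range has to come before the catch-all rule, otherwise administrators are tarpitted too.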