[TriLUG] SSH Probing...

Paul D. Boyle boyle at laue.chem.ncsu.edu
Wed Mar 13 08:41:00 EST 2002


JoJo wrote:
> I have already had an ssh attack on one of my servers.  What are you
> using to spot this? How can I prevent ssh attacks besides turning off
> protocol 1 and disallowing root logon for ssh.

I compiled my ssh/sshd version with the '--with-tcp-wrappers option',
and then I control access with /etc/hosts.{allow,deny}.  I make use of
the tcp_wrappers "spawn" capability to email me whenever someone tries
to make unauthorized access via tcp_wrapped services.  Needless to say,
the file containing break in attempts and port scans is pretty large
after three or four years of doing this.

Paul

-- 
Paul D. Boyle			    |	boyle at laue.chem.ncsu.edu
Director, X-ray Structural Facility |	phone: (919) 515-7362
Department of Chemistry - Box 8204  |	FAX:   (919) 515-5079
North Carolina State University     | 
Raleigh, NC, 27695-8204
http://laue.chem.ncsu.edu/web/xray.welcome.html



More information about the TriLUG mailing list