[geeks] ssh attacks
Mike Hebel
nimitz at nimitzbrood.com
Wed Aug 11 12:30:37 CDT 2004
> I've been tracking this thing for weeks. It's an automated probe tool
> using known accounts. I have some leads on the motive, but nothing
> concrete enough that I'm going to mention here.
>
> I *really* recommend that you move ssh to another port. You'll take
> yourself off the radar for 99% of the tools out there, unless they
> REALLY want YOUR box.
I'm an idiot here but I can't think of how to do this using IPF on the
firewall box remotely. If I try it and fuck it up I'm locked out.
Would this work:
block in quick on le0 proto tcp from $outside_IP to $firewall_IP port = 22
Mike
----
"I think we used too much!" - Chris Knight