[lug] Disregard: Re: keeping up with attacks
Chip Atkinson
chip at pupman.com
Mon May 20 19:34:28 MDT 2019
Doh! "Cancel" didn't quite turn out like I'd hoped...
On Mon, 20 May 2019, Chip Atkinson wrote:
> Changing to a non-standard port made all the difference for me. It was on the
> order of several hits/second sometimes. After the port change, it basically
> stopped.
>
> Disable root logins if not already mentioned.
>
> On Sat, 4 May 2019, duboulder wrote:
>
>> I use a no-root, pubkey-only, non-standard-port ssh as a second
>> connection method in case the vpn config gets borked during an update.
>> This is a VM at a provider with no console access atm. Is there a better way
>> of providing backup access?
>>
>> ------- Original Message -------
>> On Saturday, May 4, 2019 10:15 AM, Stephen Kraus <ub3ratl4sf00 at gmail.com>
>> wrote:
>>
>> Why is your SSH public facing anyways? OpenVPN is free, set
>> it up and deny any SSH from external IPs. Best practice is to
>> always use VPN or a Jump Box to access SSH.
>>
>> On Sat, May 4, 2019, 11:52 AM Rob Nagler <nagler at bivio.biz> wrote:
>> My $.02 is that fail2ban and blocking specific IPs is
>> more expensive than letting sshd handle them. Spend
>> your energy on reducing the general risk profile of
>> your network and services.
>>
>> There are thousands of ssh attempts a day against our servers
>> to log in as root. And, we have only a couple of public ssh
>> servers. The non-public only let through a handful of trusted
>> IPs via iptables.
>>
>> The public servers don't notice the attacks, because it's so
>> fast for sshd to reject them. fail2ban increases the server
>> (and my mental) load without a decrease in risk. There are
>> millions of bots out there. If sshd has a zero-day, we are
>> in trouble, but so would AWS, GCP, Citibank, Amex, etc. They'll
>> be the first to be breached, not our servers. My experience
>> is that those patches come along pretty quickly. Much faster
>> than the botnets can be reprogrammed to attack the millions
>> of IPs that are running sshd.
>>
>> Rob
>>
>> _______________________________________________
>> Web Page: http://lug.boulder.co.us
>> Mailing List:
>> http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667
>> channel=#hackingsociety
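Added example, not part of the original thread: a small Python check of an sshd_config's global section against the setup described in the quoted messages (no root login, public key only, non-standard port). It assumes OpenSSH's documented defaults and its first-value-wins keyword handling, and does not evaluate Match blocks, Include files or ListenAddress ports; the function names and the sample config are constructed for illustration.

```python
import re

DEFAULTS = {"permitrootlogin": "prohibit-password",  # OpenSSH defaults
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Return (settings, ports) for the global section of an sshd_config."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()               # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                   # conditional blocks: not evaluated here
            break
        if key == "port":                    # Port may repeat; sshd listens on all
            ports.append(int(value))
        else:
            settings.setdefault(key, value)  # sshd keeps the first value it reads
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, ports or [22]

def audit(config_text):
    """List deviations from: no root, pubkey only, non-standard port."""
    s, ports = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append("root login not disabled: PermitRootLogin " + s["permitrootlogin"])
    if s["passwordauthentication"].lower() != "no":
        findings.append("password authentication enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("public key authentication disabled")
    if 22 in ports:
        findings.append("still listening on port 22")
    return findings

# Constructed sample: the second PermitRootLogin line has no effect.
SAMPLE = """\
Port 2222
PermitRootLogin yes
PasswordAuthentication no
permitrootlogin no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
```

Calling `audit(SAMPLE)` reports only the root-login finding, because the earlier `PermitRootLogin yes` is the value sshd keeps. On a live host, `sshd -T` prints the effective configuration and is the authoritative check.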