Brute Force Protection - Page 2
Comments

  • MCHPhil Member
    edited March 2014

    MCHPhil said: Security through obscurity is not security.

    The only defense is multi-layered and employs multiple techniques.

  • tchen Member

    @MCHPhil said:

    That, plus monitoring/alerting.

  • BAKA Member
    edited March 2014

    Silvenga said: Can't we just port scan now with netcat and find the SSH port in minutes?

    Yes, you can do that.

    But if I am to scan ports, I would rather scan 1 port/machine * 65,535,000 machines than 65535 ports/machine * 1,000 machines.

    Most scanning behaviors are not targeted, and only try a few ports.

    I don't quite agree.

    1: This port can be opened without a privileged account, which means I can write a simple script that listens to port 2222 and mimics SSH in order to capture your passwords.

    If sshd (root) has already occupied port 2222, non-privileged software cannot kick sshd and listen to that port.

    2: is it a problem to have so many people banging at the front of your house?

    Yes, it is.

    For non-targeted scans, if port 22 is found to be open, further attack attempts are likely to happen; if not, they will seldom bother to attack.

    That means, a machine with port 22 may receive 100 attack attempts per month, while a machine with port 24739 receives only one.

    Given that other defensive strengths are the same, such probability does matter.

    I admit that if you are targeted, changing port does not help at all.

  • howardsl2 Member
    edited March 2014
  • tchen Member

    hwdsl2 said: You can stop the port scanners cold in their tracks using an IPTables module ("psd") from the xtables-addons package.

    I installed it and locked myself out when I forgot which port I moved my ssh to and had to run nmap. /s

    Thanked by 1gattytto
  • howardsl2 Member
    edited March 2014

    @tchen said:

    nvm :)

  • tchen Member

    @hwdsl2 I kid ;)

  • nunim Member

    Moving SSH to a different port has stopped all SSH brute force attacks I was seeing. I've noticed that some networks are scanned far more often than others, i.e. I see a lot more attacks against SingleHop IPs than other providers.

    I know that changing the SSH port is "security through obscurity" and will not protect me against a determined attacker; however, it does stop all the drive-by attacks from scanner bots. I've been working on deploying CSF on all of my machines; my only complaint is that the built-in WebUI is awful. I'm more than capable of managing CSF via SSH; however, sometimes the WebUI is just more convenient.

    The built-in WebUI just eats CPU while it's active, I need to see how CSF is interfaced with cPanel and Webmin to see if it's possible to use my own webserver instead of the built in LFD daemon.

  • I'm new to the low end box world and finding it very interesting.
    I've configured iptables to only allow SSH access from my home and office IPs.
    I've also configured it to not allow root to SSH directly.
    One has Webmin installed and the other WHM DNSONLY, and I've configured those with the same IP restrictions...
    One server is a backup DNS, so I definitely need DNS open on it, and the other has no need to interact with anyone other than my own servers... Are there other ports/applications I should be securing?

  • said: what brute force protection do you use on your server?

    csf - lfd in ALL servers, fail2ban in VoIP servers

  • DewlanceVPS Member, Patron Provider
    1. Disable SSH root login
    2. Change ssh port
    3. Set maximum 1 failure in CSF(Ban for 2 days, etc)


  • @DewlanceVPS said:
    1. Disable SSH root login

    2. Change ssh port

    3. Set maximum 1 failure in CSF(Ban for 2 days, etc)


    Also disable passwords altogether and use SSH keys for authentication :)

    Thanked by 1DewlanceVPS
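
The three steps listed above, plus the key-only reply, can be checked mechanically. This is an added example, not code from any poster in the thread: a small audit of sshd_config text that accounts for sshd keeping the first value it reads for a keyword and for `Match` blocks overriding global settings. The function names `parse` and `audit` and the sample config are hypothetical, and upstream OpenSSH defaults are assumed.

```python
import re

# Added example, not from the thread; upstream OpenSSH defaults are assumed.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.+)")

def parse(config_text):
    """Return (global settings, listen ports, settings found in Match blocks)."""
    settings, ports, conditional, in_match = {}, [], [], False
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                            # blank line or '#' comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":
            in_match = True                  # the rest of the file is conditional
        elif in_match:
            conditional.append((key, value))
        elif key == "port":
            ports.append(value)              # Port may be given several times
        else:
            settings.setdefault(key, value)  # sshd keeps the first value it reads
    return settings, ports or ["22"], conditional

def audit(config_text):
    """Return findings; an empty list means all steps from the thread are applied."""
    settings, ports, conditional = parse(config_text)
    eff = {k: settings.get(k, d) for k, d in DEFAULTS.items()}
    findings = []
    if eff["permitrootlogin"] != "no":
        findings.append("root login allowed: " + eff["permitrootlogin"])
    if "22" in ports:
        findings.append("listening on default port 22")
    if eff["passwordauthentication"] != "no":
        findings.append("password authentication enabled")
    for key, value in conditional:
        if key in DEFAULTS and value != "no":
            findings.append("Match block sets %s %s" % (key, value))
    return findings

# Constructed sample: the admin appended "PasswordAuthentication no", but an
# earlier line wins, and a Match block re-enables root login for one subnet.
SAMPLE = """Port 24739
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match Address 203.0.113.0/24
    PermitRootLogin yes
"""
print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only reads the text it is given and does not follow `Include` directives.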