Mailing List Archive



Re: [tlug] attack via ssh? (don't panic :-P)



>>>>> "sjt" == Stephen J Turnbull <stephen@example.com> writes:

>>>>> "Michael" == Michael Reinsch <mr@example.com> writes:

    Michael> In my case I also cannot predict from which IP address I
    Michael> and my users are going to login, so static rules aren't
    Michael> very helpful.

    sjt> I can't either, but I can limit it to one of a half-dozen
    sjt> networks.  Of course, six of those are Class B or bigger, but
    sjt> still, there are 65536 Class B-sized blocks, so I've cut it
    sjt> by 99% or more.  :-)

BTW, in the last four days there have been 20 requests to open an SSH
connection, 16 were bogus and all were rejected, 4 were me and all
succeeded (i.e., I think I've managed to include all of my ISPs dynamic
IPs).  So unless you really have no idea where your users might log in
from, opening up to whole networks where your users might come in from
is a viable strategy.


-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
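
An added example, not part of the original message: a small audit of a network allowlist like the one described above, reporting how much of the IPv4 address space it leaves open and which connection sources it would admit. The networks and source addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed allowlist (assumption): networks users are expected to log in from.
ALLOWED = [
    "172.16.0.0/16",    # Class B-sized block
    "172.16.128.0/17",  # overlaps the block above; must not be counted twice
    "10.0.0.0/8",       # Class A-sized block
    "192.168.10.0/24",
]

# Constructed connection sources, as they might be pulled from sshd or firewall logs.
ATTEMPTS = ["172.16.200.7", "10.20.30.40", "203.0.113.9",
            "198.51.100.77", "192.168.11.5"]


def load_allowlist(cidrs):
    """Parse CIDR strings (rejecting ones with host bits set) and merge overlaps."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def coverage(nets):
    """Fraction of the whole IPv4 space that the allowlist leaves open."""
    return sum(n.num_addresses for n in nets) / 2**32


def is_allowed(addr, nets):
    """True if addr falls inside any allowlisted network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def audit(sources, nets):
    """Split observed connection sources into (allowed, rejected) lists."""
    allowed, rejected = [], []
    for src in sources:
        (allowed if is_allowed(src, nets) else rejected).append(src)
    return allowed, rejected


if __name__ == "__main__":
    nets = load_allowlist(ALLOWED)
    ok, bad = audit(ATTEMPTS, nets)
    print(f"{len(nets)} networks, {coverage(nets):.4%} of IPv4 space open")
    print("allowed: ", ok)
    print("rejected:", bad)
```

Rejected sources that turn out to be legitimate users point at a network missing from the allowlist.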

