[ale] SSH monitoring

Robert L. Harris Robert.L.Harris at rdlg.net
Thu Nov 24 19:38:55 EST 2005



I just leave it on 22 but only allow connections from 5 computers at work
that are non-normal use machines.  Very few people have access to these
machines and they don't have any special access, they just aren't
firewalled off from 22.


Thus spake Randy Ramsdell (rramsdell at adelphia.net):

> On Thu, 2005-11-24 at 16:22 -0500, Brandon Colbert wrote:
> > Thanks
> > 
> > I got the public/private key working great. Here's my next question.
> > 
> > Are there any programs out there besides monitoring the log files "secure 
> > and messages" to help me monitor SSH for attacks? I guess I need 
> > something like a HIDS or a HIDS will do.
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 
> To be honest with you, the ssh port 22 will be bombarded by brute force
> attacks all day every day. One way to monitor this port is to enable
> logging from iptables. Just use the -j LOG using the "syn" as a trigger.
> Also, snort would be useful here along with Acid that will log to a
> database and select from the database using php. 
> 
> My solution, however, was to NOT run on port 22. I run ssh on a non-
> standard port and haven't had a single connect in 5 years to that port.
> I still use iptables to log any syn packet however.
> 
> Hope this helps.
> 
> rcr

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B

DISCLAIMER:
      These are MY OPINIONS             "We can't solve problems by using
       ALONE.  I speak for                the same kind of thinking we used
       no-one else.                         when we created them."
                                          - Einstein
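
The iptables SYN logging suggested in the quoted reply, paired with the source allowlist described at the top, as an added example that is not part of the original thread: it tallies logged SYNs to port 22 per source and flags sources outside the allowlist. The log prefix, addresses, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed rule (the "SSH-SYN: " prefix is this example's choice, not the thread's):
#   iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "SSH-SYN: "
PREFIX = "SSH-SYN: "
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed allowlist standing in for the few permitted work machines.
ALLOWED = {"192.0.2.21"}

# Constructed kernel log lines in the netfilter LOG target's format.
_T = "DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0"
SAMPLE = [
    f"Nov 24 19:01:02 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=203.0.113.7 {_T}",
    f"Nov 24 19:01:03 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=203.0.113.7 {_T}",
    f"Nov 24 19:01:05 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=203.0.113.7 {_T}",
    f"Nov 24 19:02:11 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=198.51.100.9 {_T}",
    f"Nov 24 19:03:40 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=192.0.2.21 {_T}",
    "Nov 24 19:03:41 gw sshd[812]: Accepted publickey for alice from 192.0.2.21",
]

def parse_line(line):
    """Return the KEY=value fields of one logged TCP SYN, or None for other lines."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = dict(FIELD.findall(rest))
    # TCP flags such as SYN are logged as bare words, not KEY=value pairs.
    if fields.get("PROTO") != "TCP" or "SYN" not in rest.split():
        return None
    return fields

def summarize(lines, allowed=ALLOWED, threshold=3):
    """Count SYNs to port 22 per source; list unexpected sources at or above threshold."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields and fields.get("DPT") == "22":
            counts[fields["SRC"]] += 1
    noisy = sorted(s for s, n in counts.items() if s not in allowed and n >= threshold)
    return counts, noisy

if __name__ == "__main__":
    counts, noisy = summarize(SAMPLE)
    for src, n in counts.most_common():
        print(f"{src:15} {n:3} {'ALERT' if src in noisy else ''}")
```
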
