[geeks] SSH Scans Increasing
Joshua Boyd
jdboyd at jdboyd.net
Thu Aug 21 18:51:41 CDT 2008
On Aug 21, 2008, at 7:45 PM, Dan Duncan wrote:
> On Thu, Aug 21, 2008 at 10:20 AM, Joshua Boyd <jdboyd at jdboyd.net>
> wrote:
>> Wouldn't it be a bit simpler to just run ssh on 2 ports, 22 with a
>> whitelist and something else without, rather than port knocking?
>
> This doesn't trim your logs though.
>
> I'm running port knocking implemented entirely in my iptables firewall
> AND a whitelist of IP addresses/blocks also implemented entirely in
> the firewall with ssh only running on port 22. Addresses in the
> whitelist don't need to knock.
I assumed the port 22 whitelist would be implemented at the firewall
and thus not show up in the ssh logs.
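The setup Dan describes, a whitelist and a knock sequence both enforced in iptables with sshd listening only on port 22, looks roughly like the following. This is an added example, not a rule set from either poster; the whitelist file format, the knock ports, the timers and the use of the xt_recent module are assumptions, and it assumes the INPUT chain's default policy (or a later rule) drops traffic these rules do not accept. Rule order carries the logic: whitelisted sources are accepted before the knock stages, so they never knock; the final DROP on port 22 is what keeps unsolicited attempts out of sshd's logs, which is the difference Joshua was asking about.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables rule set that
#  1. accepts port-22 traffic from a whitelist without any knock,
#  2. opens port 22 briefly for sources that complete a knock sequence,
#     tracked per stage with the xt_recent module, and
#  3. drops everything else aimed at sshd at the firewall, so it never
#     reaches sshd or its logs.
# Constructed values: the knock ports and the two timers below.

SSH_PORT=22
KNOCK_PORTS="7000 8000 9000"   # constructed example sequence; choose your own
KNOCK_STEP_SECONDS=10          # maximum gap between successive knocks
OPEN_SECONDS=30                # window to start the ssh connection after the last knock

# Print an iptables command instead of running it, so the rules can be
# reviewed first and applied later (e.g. ssh_rules whitelist.txt | sh).
emit() { printf 'iptables %s\n' "$*"; }

# ssh_rules WHITELIST_FILE: one address or CIDR per line, '#' comments allowed.
ssh_rules() {
    whitelist="$1"
    # Packets of already-accepted connections keep flowing.
    emit -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 1. Whitelist: evaluated before the knock logic, so these never knock.
    grep -v '^[[:space:]]*#' "$whitelist" | grep -v '^[[:space:]]*$' |
    while read -r cidr; do
        emit -A INPUT -p tcp --dport "$SSH_PORT" -s "$cidr" -j ACCEPT
    done

    # 2. Knock stages: each stage records the source in its own recent
    #    list, and only if the previous stage saw that source recently.
    #    The knock packets themselves are dropped; only the list entry matters.
    prev=""
    n=0
    for port in $KNOCK_PORTS; do
        n=$((n + 1))
        if [ -z "$prev" ]; then
            emit -A INPUT -p tcp --dport "$port" \
                -m recent --name "KNOCK$n" --set -j DROP
        else
            emit -A INPUT -p tcp --dport "$port" \
                -m recent --name "$prev" --rcheck --seconds "$KNOCK_STEP_SECONDS" \
                -m recent --name "KNOCK$n" --set -j DROP
        fi
        prev="KNOCK$n"
    done
    # A source that completed the last stage within OPEN_SECONDS may connect.
    emit -A INPUT -p tcp --dport "$SSH_PORT" \
        -m recent --name "$prev" --rcheck --seconds "$OPEN_SECONDS" -j ACCEPT

    # 3. Anyone else hitting port 22 is dropped here; sshd never sees it.
    emit -A INPUT -p tcp --dport "$SSH_PORT" -j DROP
}

# Run directly with a whitelist file to print the rules for review.
if [ $# -gt 0 ]; then
    ssh_rules "$1"
fi
```

Two caveats a practitioner should keep in mind: a sequential port scan that happens to hit the knock ports in order would open the window too, so the knock is an obscurity layer on top of the whitelist rather than an authentication mechanism, and the ESTABLISHED rule must come first or an accepted session's later packets would fall into the final DROP.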