Has been offline for almost a week now. I let the colo host at OVH expire because while it was a good deal the network connectivity was very bad.
I'll be moving it to the host Ian has running hopefully sometime this week.
Stay tuned for details.
-brian
Actually, no one has resumed their "hacking" after I launch my anti-hacking script.
I'm happy with my method.
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 8 Jan 2014, at 23:08, Sampsa Laine <sampsa at mac.com> wrote:
They can try, none have succeeded so far. They're script kiddies / bots anyway.
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 8 Jan 2014, at 23:01, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote:
I've seen idiots attacking ... via the SSH connection,=20
=20
FWIW, I've put all my public SSH ports on non-standard port numbers. =
It's
pretty much eliminated all the attacks.
=20
I think most of these attackers are bots and script kiddies, and they =
only
try the well known ports.
=20
Bob
=20
=20
=20
I personally run sshd in pubkey auth mode only, and when I see login =
attempts, I bombard the source IP with packets using nmap. Tends to stop =
them in about 30-90 secs.
You'd still be beter off running it on a non-standard port. Also, doing
onto others as they do on to you should be reserved only for good tasks;
bombing the source is a good way to get them to really go after you and
your systems.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote:
Cory Smelosky <b4 at gewt.net> writes:
On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote:
You'd still be beter off running it on a non-standard port. Also, doing
onto others as they do on to you should be reserved only for good tasks;
bombing the source is a good way to get them to really go after you and
your systems.
So long as that's not the only method of "security" used. Auto portscan
and quick telnet probe can find SSH on port 1337 instead of 22 with ease.
It's no security! It does, however, keep the persistent port scanners from
consuming system resources. On VMS, touching the ssh port will initiate a
process to handle the authentication and create a pseudo-terminal for each
instance of a possible ssh session. This wastes process slots and carves a
lot of memory from the NPP.
Ahhhhh. I get what you're saying. I wasn't thinking in a VMS sense.
That is certainly sensible.
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
Cory Smelosky <b4 at gewt.net> writes:
On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote:
You'd still be beter off running it on a non-standard port. Also, doing
onto others as they do on to you should be reserved only for good tasks;
bombing the source is a good way to get them to really go after you and
your systems.
So long as that's not the only method of "security" used. Auto portscan
and quick telnet probe can find SSH on port 1337 instead of 22 with ease.
It's no security! It does, however, keep the persistent port scanners from
consuming system resources. On VMS, touching the ssh port will initiate a
process to handle the authentication and create a pseudo-terminal for each
instance of a possible ssh session. This wastes process slots and carves a
lot of memory from the NPP.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
They can try, none have succeeded so far. They're script kiddies / bots anyway.
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 8 Jan 2014, at 23:01, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote:
I've seen idiots attacking ... via the SSH connection,=20
=20
FWIW, I've put all my public SSH ports on non-standard port numbers. =
It's
pretty much eliminated all the attacks.
=20
I think most of these attackers are bots and script kiddies, and they =
only
try the well known ports.
=20
Bob
=20
=20
=20
I personally run sshd in pubkey auth mode only, and when I see login =
attempts, I bombard the source IP with packets using nmap. Tends to stop =
them in about 30-90 secs.
You'd still be beter off running it on a non-standard port. Also, doing
onto others as they do on to you should be reserved only for good tasks;
bombing the source is a good way to get them to really go after you and
your systems.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote:
You'd still be beter off running it on a non-standard port. Also, doing
onto others as they do on to you should be reserved only for good tasks;
bombing the source is a good way to get them to really go after you and
your systems.
So long as that's not the only method of "security" used. Auto portscan
and quick telnet probe can find SSH on port 1337 instead of 22 with ease.
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
Sampsa Laine <sampsa at mac.com> writes:
On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote:
I've seen idiots attacking ... via the SSH connection,=20
=20
FWIW, I've put all my public SSH ports on non-standard port numbers. =
It's
pretty much eliminated all the attacks.
=20
I think most of these attackers are bots and script kiddies, and they =
only
try the well known ports.
=20
Bob
=20
=20
=20
I personally run sshd in pubkey auth mode only, and when I see login =
attempts, I bombard the source IP with packets using nmap. Tends to stop =
them in about 30-90 secs.
You'd still be beter off running it on a non-standard port. Also, doing
onto others as they do on to you should be reserved only for good tasks;
bombing the source is a good way to get them to really go after you and
your systems.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote:
I've seen idiots attacking ... via the SSH connection,
FWIW, I've put all my public SSH ports on non-standard port numbers. It's
pretty much eliminated all the attacks.
I think most of these attackers are bots and script kiddies, and they only
try the well known ports.
Bob
I personally run sshd in pubkey auth mode only, and when I see login attempts, I bombard the source IP with packets using nmap. Tends to stop them in about 30-90 secs.
I've seen idiots attacking ... via the SSH connection,
FWIW, I've put all my public SSH ports on non-standard port numbers. It's
pretty much eliminated all the attacks.
I think most of these attackers are bots and script kiddies, and they only
try the well known ports.
Bob
