Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH attacks

At 1:48 PM +0100 11/29/05, Bruno Schaeffer wrote: 
Hi,

I am running a Mac OS X Tiger Server and I am increasingly observing attacks trying to log in via SSH and guessing user ids and passwords. The server is only accessible via SSH from the Internet and only two user ids whose passwords are well chosen can log in via SSH. Nevertheless, I would like to limit those attacks since they also consume quite some resources, esp. bandwidth. What are you practicing or suggesting? I am using the firewall which is included with Mac OS X. 

Turn your computer off and place it in a vault is the best security.

Given that this is generally deemed inacceptable, you deal.

People ring doorbells and call wrong numbers all the time? What on earth are we to do? Panic? The might be calling us when we expect an important call, heck that's DoS!

Use a firewall, a real one, and protect your network. ipfw is not a firewall, it's a packet filter. There's a significant difference. Drop traffic you don't want, don't deny it.

Configure sshd to only permit certain accounts and IP addresses to use ssh inbound. This is highly preferable to doing this in ipfw. Conside running ssh on a different port, though this is a bit silly if you're already denying this using other methods.

Prohibit logins to root and other sensitive accounts like your admin account from all sources other than localhost. Connect using an unprivileged account and then su or ssh root@localhost once logged into such an account instead.

Run snort.

Realize that these feeble attempts are rather primitive.
--

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                     http://www.iwiring.net/
email@hidden                                 http://www.ustsvs.com/

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF  12B1 7840 3BE7 3736 DE0B

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden
References: 
 >SSH attacks (From: Bruno Schaeffer <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.