Most of the ssh "probes" we're seeing aren't dictionary attacks. They
are just looking for weak, insecure systems where well known accounts
have common passwords which we'll presume will then become owned for
spamming. Or so the honeypots seem to suggest.
Deny hosts is a perl script that will interact with TCPWrappers (man
tcpd) which is installed by default on OS X and will allow you to
block the offending incoming connections on the fly.
Note that inetd hasn't been used in OS X for some time, and that
Tiger specifically uses launchd instead of even xinetd.
Other than that have good passwords. You may want to try changing
the port SSH listens on.
Obfuscates, but anyone running a port mapper will just try the new port.
If these nuisance probes really bother you, install a bastion host.
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.iwiring.net/
email@hidden http://www.ustsvs.com/
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
References:
>SSH attacks (From: Bruno Schaeffer <email@hidden>)
