[ale] SSH monitoring
Randy Ramsdell
rramsdell at adelphia.net
Thu Nov 24 21:34:46 EST 2005
On Thu, 2005-11-24 at 19:38 -0500, Robert L. Harris wrote:
>
> I just leave it on 22 but only allow connections from 5 computers at work
> that are non-normal use machines. Very few people have access to these
> machines and they don't have any special access, they just aren't
> firewalled off from 22.
Was this for Brandon? Trying to follow the thread and it looks like
Brandon needed some hints in what to do.
> Thus spake Randy Ramsdell (rramsdell at adelphia.net):
>
> > On Thu, 2005-11-24 at 16:22 -0500, Brandon Colbert wrote:
> > > Thanks
> > >
> > > I got the public/private key working great. Here's my next question.
> > >
> > > Are there any programs out there besides monitoring the log files "secure
> > > and messages" to help me monitor SSH for attacks? I guess I need
> > > something like a HIDS or a HIDS will do.
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> >
> > To be honest with you, the ssh port 22 will be bombarded by brute force
> > attacks all day every day. One way to monitor this port is to enable
> > logging from iptables. Just use the -j LOG using the "syn" as a trigger.
> > Also, snort would be useful here along with Acid that will log to a
> > database and select from the database using php.
> >
> > My solution, however, was to NOT run on port 22. I run ssh on a non-
> > standard port and haven't had a single connect in 5 years to that port.
> > I still use iptables to log any syn packet however.
> >
> > Hope this helps.
> >
> > rcr
> >
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | GPG Key ID: E344DA3B
>
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
>
> "We can't solve problems by using the same kind of thinking we used
> when we created them."
>     - Einstein
>
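The iptables SYN logging suggested in the thread, turned into a per-source counter; this is an added example, not part of the original message. The rule in the comment, the "SSH-SYN: " log prefix, port 2222, the threshold and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed rule producing these lines (the prefix text is this example's choice):
#   iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "SSH-SYN: "
PREFIX = "SSH-SYN: "
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAG = re.compile(r"\b(SYN|ACK|FIN|RST|PSH)\b")

def sample_line(src, dpt=22, prefix=PREFIX):
    """Build one constructed kernel log line in the iptables LOG layout."""
    return (f"Nov 24 21:30:01 gw kernel: {prefix}IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT={dpt} "
            "WINDOW=5840 RES=0x00 SYN URGP=0")

# Constructed sample input; all addresses are documentation ranges.
SAMPLE_LOG = "\n".join([
    sample_line("203.0.113.7"), sample_line("203.0.113.7"),
    sample_line("203.0.113.7"), sample_line("198.51.100.23"),
    sample_line("198.51.100.99", prefix="OTHER: "),  # logged by another rule
    sample_line("198.51.100.23", dpt=2222),          # rule for a moved sshd
    "Nov 24 21:30:02 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=",  # truncated
])

def parse_line(line):
    """Return the KEY=value fields of a line logged by our rule, else None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields = dict(FIELD.findall(rest))
    if not fields.get("SRC") or "DPT" not in fields:
        return None  # truncated or malformed entry
    fields["FLAGS"] = set(FLAG.findall(rest))
    return fields

def syn_counts(log_text, port=22):
    """Count initial SYNs (SYN set, ACK clear) per source for one TCP port."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if (f and f.get("PROTO") == "TCP" and f["DPT"] == str(port)
                and "SYN" in f["FLAGS"] and "ACK" not in f["FLAGS"]):
            counts[f["SRC"]] += 1
    return counts

def noisy_sources(counts, threshold=3):
    """Sources with at least `threshold` logged connection attempts."""
    return sorted(src for src, n in counts.items() if n >= threshold)
```

On the sample input, `syn_counts(SAMPLE_LOG)` attributes three attempts to 203.0.113.7 and one to 198.51.100.23, and `noisy_sources` returns only the former.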