[Tfug] OT: Reporting Network Abuse?

Matthew Shucker mshucker at arizona.edu
Sun Jun 24 18:02:08 MST 2007


On 6/24/07, Robert Hunter <hunter at tfug.org> wrote:
>
>
> Define who can and cannot connect to services on your box via
> /etc/hosts.{allow,deny}, and that should prevent those clowns from
> ever getting a login prompt on your box again.
>

When I had the ssh port open on my home network, I noticed that almost all
of those invalid login attempts seemed to be script kiddies in Asia.  Since
I wasn't planning on going there, I added this to my /etc/hosts.deny:
sshd: .cn, .cn.net, .cn.com, .jp, .jp.com, .tw

I also used AllowUsers in sshd_config to restrict to my IDs.  I don't know
if it many any real difference, but it certainly didn't hurt to lock it down
more.

Matt



More information about the tfug mailing list