On Thu, Mar 12, 2009 at 12:46 PM, Bruce Marshall <bmarsh@bmarsh.com> wrote:

> I routinely (as in always) tell ssh to use a port above 10000. *Saves a lot of
> usage by the script kiddies who want to beat on port 22.

I do port knocking :-)

Everything is closed until knock the door

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

On Thursday 12 March 2009, Bruce Marshall wrote:
>On Wednesday 11 March 2009, Alan Dacey wrote:
>> I believe that you can re-map the ports on your machine so that the
>> 'standard' ones can be changed. For example you can remap port 443 to
>> 56189. You could then ssh to port 56189 and the software inside your
>> machine would never know the difference. Unless your ISP blocks
>> everything, you are good to go. I have not done this, yet, but I have
>> read about it doing research to set up my own home ubuntu server.
>
>I routinely (as in always) tell ssh to use a port above 10000. Saves a lot
> of usage by the script kiddies who want to beat on port 22.

And my logs from dd-wrt indicate they spend a lot of time looking at ports
above 30,000. Pick it carefully.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If you don't do the things that are not worth doing, who will?


--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Bruce Marshall wrote:

On Wednesday 11 March 2009, Alan Dacey wrote:


I believe that you can re-map the ports on your machine so that the
'standard' ones can be changed. For example you can remap port 443 to
56189. You could then ssh to port 56189 and the software inside your
machine would never know the difference. Unless your ISP blocks
everything, you are good to go. I have not done this, yet, but I have read
about it doing research to set up my own home ubuntu server.



I routinely (as in always) tell ssh to use a port above 10000. Saves a lot of
usage by the script kiddies who want to beat on port 22.




Fail2Ban is your friend here.* It's like DenyHosts, but using IPTABLES
rules for blocking instead of hosts.deny.* Moving the port isn't really
a complete solution, because you *will* be found in short order, and
then the attacks will commence on that port.* Some might get lucky, but
too many others don't.



I've been using Fail2Ban for about a year, and script kiddies always
get blocked (totally, not just SSH) with an IPTABLES rule after 6
attempts (all this is configurable).* I have it set to release that
IPTABLES block after 24 hours.* It's very effective.



* http://www.fail2ban.org/



And yes, it is in both the Debian and Ubuntu repositories.



So, no need to try moving your SSH server port around.* With tools like
this one, you can just use TCP 22 like normal.



--TP


_______________________________


Do you GNU?


Microsoft Free since 2003--the
ultimate antivirus protection!







--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

On Thursday 12 March 2009 07:22:13 Paul wrote:
> Mark Greenwood wrote:
> > Not strictly Kubuntu related this one, but there seem to be plenty of
> > clever people on here. Kind of follows on from the kmail discussion we
> > were having.
> <snip>
> > So.. what I want to do is to have a server at home. I should be able
> > to connect to this server via ssh from anywhere (I already have
> > dynamic DNS and the server, I just need to know what to install on
> > it....). This server provides me with IMAP mailbox(es), and collects
> > my POP3 mail from my ISP into those mailboxes. It also provides me
> > with an SMTP relay server so I can send mail via my ssh connection to
> > my ISP. I think the latter can be done somehow with sendmail.. but the
> > former..??
> >
> >
> > Doing it this way avoids the complexities and expenses of registering
> > my own email domain, which I really don't want to do.
> >
> >
> > Any hints or links gratefully appreciated.
> >
> >
> > Mark
> I've very recently done exactly that. I've collected all the links and
> tips I used on a page here >
> http://www.paulhurley.co.uk/geek-stuff-leftmenu-101/linux-leftmenu-108/63-home-mail-server.html
>
> I used Fetchmail > Postfix > SpamAssassin > Dovecot.
>
> Hope it helps.
>
> Paul.
> --
>
> http://www.paulhurley.co.uk/
>
Paul. thankyou. I haven't looked at it in detail yet.. but if those guides work I will be forever grateful. I was just starting to think this thing was more complex than I could be bothered with but you may have saved my bacon..


Mark

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users