(No, not retinal scans :)

After upgrading the home server today, I was looking through the logs, and noticed several simultaneous username/password guessing scripts probing the machine, connecting via SSH. Fortunately the machine that actually serves incoming SSH connections is a virtual machine, locked down with few packages installed and (relatively) good passwords. I still feel dirty, though.

I’m going to have to install a good portknocking package, I think. In the meantime, I’ve locked down the home server to only accept incoming SSH from a small number of machines. I should have done this long ago (both persephone and penelope already have this), but custom firewall rules with DD-WRT are hard, and so I punted.

This also means I’m probably going to have to replace my crappy Linksys running DD-WRT with a full-blown Linux box so that I can create a proper firewall. I really wonder sometimes if this whole “Internet” thing is worth the trouble.

posted at 9:36 pm on Friday, November 06, 2009 in Security | Comments Off on probes