[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Server Probing

On 29/01/13 17:18, Florez, Nestor wrote:

I apologize is this is the wrong place to ask about probing.

Some of our servers were probed back on the 24th of January
By these IP addresses

And in the last 24 hours by these IP addresses

I been getting a lot more server probing messages than usual
I was wondering how do you handle it?
What do you look for on your server to see if there are problems?

Any ideas will be appreciated.



Apart from fail2ban and the other suggestions, what I tend to do is to have in the DMZ a system to ssh into the rest of my system (commonly referred to as bastion host: http://en.wikipedia.org/wiki/Bastion_host). To quickly visualize this, you have:

Internet<->Firewall/DMZ (bastion host)<->Protected Network (Server1, Server2, ...Server n)

The idea is that only the Firewall/DMZ has port 22 open. You then have to do an extra SSH to get to the Server boxes. If you setup SSH keys to the bastion host instead of passwords, then that would be easier. So, you protect the rest of the network by avoid people probing your servers and you can reach them anytime you want by means of an extra SSH.


Best regards,

George Magklaras PhD
RHCE no: 805008309135525
Head of IT/Senior Systems Engineer
Biotechnology Center of Oslo and
the Norwegian Center for Molecular Medicine/
Vitenskapelig Databehandling (VD) -
Research Computing Services

EMBnet TMPC Chair


Tel: +47 22840535

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]