[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Server Probing



On 29/01/13 17:18, Florez, Nestor wrote:
Hi,

I apologize is this is the wrong place to ask about probing.

Some of our servers were probed back on the 24th of January
By these IP addresses
       177.73.233.241
       216.70.90.155
       5.9.120.22
       64.131.79.194
       64.147.170.17
       91.121.154.81
       91.121.161.131
       94.23.104.140

And in the last 24 hours by these IP addresses
       168.144.28.111
       176.9.220.214
       178.210.163.150
       184.107.226.10
       208.116.60.208
       62.75.182.85
       80.13.187.24
       91.121.154.81
       91.121.162.58
       95.211.25.18


I been getting a lot more server probing messages than usual
I was wondering how do you handle it?
What do you look for on your server to see if there are problems?

Any ideas will be appreciated.

Thanks!!!!

Né§t☼r

Apart from fail2ban and the other suggestions, what I tend to do is to have in the DMZ a system to ssh into the rest of my system (commonly referred to as bastion host: http://en.wikipedia.org/wiki/Bastion_host). To quickly visualize this, you have:

Internet<->Firewall/DMZ (bastion host)<->Protected Network (Server1, Server2, ...Server n)

The idea is that only the Firewall/DMZ has port 22 open. You then have to do an extra SSH to get to the Server boxes. If you setup SSH keys to the bastion host instead of passwords, then that would be easier. So, you protect the rest of the network by avoid people probing your servers and you can reach them anytime you want by means of an extra SSH.

GM

Best regards,

--
--
George Magklaras PhD
RHCE no: 805008309135525
Head of IT/Senior Systems Engineer
Biotechnology Center of Oslo and
the Norwegian Center for Molecular Medicine/
Vitenskapelig Databehandling (VD) -
Research Computing Services

EMBnet TMPC Chair

http://folk.uio.no/georgios
http://hpc.uio.no

Tel: +47 22840535



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]