Server Probing

AMD Paulius_J Jazauskas amdpaulius at gmail.com
Thu Jan 31 14:26:42 UTC 2013


Very good suggestion Georgios! For me this structure is similar to VPN.

On Thu, Jan 31, 2013 at 2:42 PM, Georgios Magklaras
<georgios at biotek.uio.no> wrote:

> On 29/01/13 17:18, Florez, Nestor wrote:
>
>> Hi,
>>
>> I apologize if this is the wrong place to ask about probing.
>>
>> Some of our servers were probed back on the 24th of January
>> By these IP addresses
>>
>> And in the last 24 hours by these IP addresses
>>
>>
>> I have been getting a lot more server probing messages than usual
>> I was wondering how do you handle it?
>> What do you look for on your server to see if there are problems?
>>
>> Any ideas will be appreciated.
>>
>> Thanks!!!!
>>
>> Né§t☼r
>>
> Apart from fail2ban and the other suggestions, what I tend to do is to
> have in the DMZ a system to ssh into the rest of my system (commonly
> referred to as bastion host: http://en.wikipedia.org/wiki/Bastion_host).
> To quickly visualize this, you have:
>
> Internet<->Firewall/DMZ (bastion host)<->Protected Network (Server1,
> Server2, ...Server n)
>
> The idea is that only the Firewall/DMZ has port 22 open. You then have to
> do an extra SSH to get to the Server boxes. If you set up SSH keys to the
> bastion host instead of passwords, then that would be easier. So, you
> protect the rest of the network by avoiding people probing your servers and
> you can reach them anytime you want by means of an extra SSH.
>
> GM
>
> Best regards,
>
> --
> George Magklaras PhD
> RHCE no: 805008309135525
> Head of IT/Senior Systems Engineer
> Biotechnology Center of Oslo and
> the Norwegian Center for Molecular Medicine/
> Vitenskapelig Databehandling (VD) -
> Research Computing Services
>
> EMBnet TMPC Chair
>
> http://folk.uio.no/georgios
> http://hpc.uio.no
>
> Tel: +47 22840535
>
>
>
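
One way to check, on a server behind the bastion host described in the quoted reply, that SSH logins really only arrive through it. This is an added example, not part of the original thread; the bastion address 10.0.0.5, the failure threshold and the log lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: address of the bastion host in the DMZ (hypothetical value).
BASTION_IPS = {"10.0.0.5"}

# Constructed sample of sshd lines as logged in /var/log/secure on an internal server.
SAMPLE_LOG = """\
Jan 24 03:12:45 server1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 24 03:12:50 server1 sshd[2213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 24 03:12:55 server1 sshd[2215]: Failed password for root from 203.0.113.7 port 51246 ssh2
Jan 24 04:40:10 server1 sshd[2301]: Failed password for invalid user test from 198.51.100.23 port 40410 ssh2
Jan 24 09:00:01 server1 sshd[3000]: Accepted publickey for alice from 10.0.0.5 port 40022 ssh2
Jan 24 09:30:00 server1 sshd[3100]: Accepted password for root from 198.51.100.9 port 40100 ssh2
Jan 24 09:31:00 server1 crond[3120]: (root) CMD (run-parts /etc/cron.hourly)
"""

# The user field is matched greedily so the source address is always taken
# from the last " from <ip> port <n> ssh2" on the line.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2"
)

def audit(log_text, bastion_ips=BASTION_IPS, threshold=3):
    """Return (probing, bypass) for one internal server's sshd log.
    probing: {source_ip: failed_count} for sources with >= threshold failures.
    bypass:  [(user, source_ip, method)] for logins accepted from anywhere
             other than the bastion, which the design should make impossible.
    """
    failures, bypass = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication result
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif ip not in bastion_ips:
            bypass.append((m.group("user"), ip, m.group("method")))
    return {ip: n for ip, n in failures.items() if n >= threshold}, bypass

if __name__ == "__main__":
    probing, bypass = audit(SAMPLE_LOG)
    for ip, n in sorted(probing.items()):
        print(f"probing: {n} failed logins from {ip}")
    for user, ip, method in bypass:
        print(f"ALERT: {method} login for {user} from {ip}, not via bastion")
```

On a server behind the bastion, any non-bastion address in either result also means port 22 is reachable from somewhere other than the bastion, so the firewall rule is worth rechecking.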


