Server Probing
AMD Paulius_J Jazauskas
amdpaulius at gmail.com
Thu Jan 31 14:26:42 UTC 2013
Very good suggestion Georgios! For me this structure is similar to VPN.
On Thu, Jan 31, 2013 at 2:42 PM, Georgios Magklaras
<georgios at biotek.uio.no> wrote:
> On 29/01/13 17:18, Florez, Nestor wrote:
>
>> Hi,
>>
>> I apologize if this is the wrong place to ask about probing.
>>
>> Some of our servers were probed back on the 24th of January
>> By these IP addresses
>>
>> And in the last 24 hours by these IP addresses
>>
>>
>> I have been getting a lot more server probing messages than usual
>> I was wondering how do you handle it?
>> What do you look for on your server to see if there are problems?
>>
>> Any ideas will be appreciated.
>>
>> Thanks!!!!
>>
>> Né§t☼r
>>
> Apart from fail2ban and the other suggestions, what I tend to do is to
> have in the DMZ a system to ssh into the rest of my system (commonly
> referred to as bastion host: http://en.wikipedia.org/wiki/Bastion_host).
> To quickly visualize this, you have:
>
> Internet<->Firewall/DMZ (bastion host)<->Protected Network (Server1,
> Server2, ...Server n)
>
> The idea is that only the Firewall/DMZ has port 22 open. You then have to
> do an extra SSH to get to the Server boxes. If you set up SSH keys to the
> bastion host instead of passwords, then that would be easier. So, you
> protect the rest of the network by avoiding people probing your servers and
> you can reach them anytime you want by means of an extra SSH.
>
> GM
>
> Best regards,
>
> --
> George Magklaras PhD
> RHCE no: 805008309135525
> Head of IT/Senior Systems Engineer
> Biotechnology Center of Oslo and
> the Norwegian Center for Molecular Medicine/
> Vitenskapelig Databehandling (VD) -
> Research Computing Services
>
> EMBnet TMPC Chair
>
> http://folk.uio.no/georgios
> http://hpc.uio.no
>
> Tel: +47 22840535
>
>
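A check that fits the bastion layout described in the quoted reply, as an added example that is not part of the original thread: on a protected server every sshd authentication event should come from the bastion, so any other source means port 22 is reachable by another path. The bastion address 10.0.0.5 and the log lines are constructed; the message formats are the standard OpenSSH ones written to /var/log/secure on Red Hat systems.

```python
import ipaddress
import re
from collections import Counter

# Assumed address of the bastion host as seen from the protected network.
BASTION = ipaddress.ip_address("10.0.0.5")

# Standard OpenSSH sshd messages for password/publickey results.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample lines in /var/log/secure format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 31 09:01:12 server1 sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 40022 ssh2
Jan 31 09:03:40 server1 sshd[2117]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 31 09:03:43 server1 sshd[2119]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 31 09:10:05 server1 sshd[2150]: Accepted password for bob from 198.51.100.9 port 33010 ssh2
Jan 31 09:12:00 server1 crond[2160]: (root) CMD (run-parts /etc/cron.hourly)
"""

def audit(log_text, bastion=BASTION):
    """Return (logins_bypassing_bastion, failed_counts_by_source)."""
    bypass, failed = [], Counter()
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue  # not an sshd authentication result
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source logged as a hostname; skipped in this example
        if src == bastion:
            continue  # expected path: Internet -> bastion -> server
        if m["result"] == "Accepted":
            bypass.append((m["user"], str(src)))
        else:
            failed[str(src)] += 1
    return bypass, failed

if __name__ == "__main__":
    bypass, failed = audit(SAMPLE_LOG)
    for user, src in bypass:
        print(f"ALERT login not via bastion: {user} from {src}")
    for src, n in failed.most_common():
        print(f"probe reached sshd directly: {src} ({n} failed attempts)")
```

Any output at all on a protected server points at a firewall rule that lets port 22 through from somewhere other than the bastion.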