Server Probing

Georgios Magklaras georgios at biotek.uio.no
Thu Jan 31 12:42:29 UTC 2013


On 29/01/13 17:18, Florez, Nestor wrote:
> Hi,
>
> I apologize if this is the wrong place to ask about probing.
>
> Some of our servers were probed back on the 24th of January
> By these IP addresses
>
> And in the last 24 hours by these IP addresses
>
>
> I have been getting a lot more server probing messages than usual.
> I was wondering how do you handle it?
> What do you look for on your server to see if there are problems?
>
> Any ideas will be appreciated.
>
> Thanks!!!!
>
> Né§t☼r
>
Apart from fail2ban and the other suggestions, what I tend to do is to 
have in the DMZ a system to ssh into the rest of my system (commonly 
referred to as bastion host: http://en.wikipedia.org/wiki/Bastion_host). 
To quickly visualize this, you have:

Internet<->Firewall/DMZ (bastion host)<->Protected Network (Server1, 
Server2, ...Server n)

The idea is that only the Firewall/DMZ has port 22 open. You then have 
to do an extra SSH to get to the Server boxes. If you set up SSH keys to 
the bastion host instead of passwords, then that would be easier. So, 
you protect the rest of the network by avoiding people probing your servers 
and you can reach them anytime you want by means of an extra SSH.

GM

Best regards,

-- 
George Magklaras PhD
RHCE no: 805008309135525
  
Head of IT/Senior Systems Engineer
Biotechnology Center of Oslo and
the Norwegian Center for Molecular Medicine/
Vitenskapelig Databehandling (VD) -
Research Computing Services

EMBnet TMPC Chair

http://folk.uio.no/georgios
http://hpc.uio.no

Tel: +47 22840535
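
The bastion layout described in the reply above, written out as OpenSSH configuration. This is an added example, not part of the original message; the host names, user name and key file names are placeholders, and `ProxyJump` assumes OpenSSH 7.3 or later on the workstation.

```sshconfig
# ---- ~/.ssh/config on the admin workstation (constructed example) ----

# The only host with port 22 reachable from the Internet.
Host bastion
    HostName bastion.example.org        # placeholder name
    User admin                          # placeholder account
    IdentityFile ~/.ssh/id_bastion      # key-based login, no password
    IdentitiesOnly yes                  # offer only the key named above
    ForwardAgent no                     # keep the agent off the bastion

# Internal servers: the "extra SSH" hop is made automatically.
# The connection is tunnelled through the bastion, so the private key
# for the internal hosts stays on the workstation.
Host server1 server2
    HostName %h.internal.example.org    # placeholder internal names
    User admin
    IdentityFile ~/.ssh/id_internal
    IdentitiesOnly yes
    ProxyJump bastion
    # On OpenSSH older than 7.3, use instead:
    # ProxyCommand ssh -W %h:%p bastion

# ---- /etc/ssh/sshd_config on the bastion host (fragment) ----
# PasswordAuthentication no     # keys only, so password guessing fails
# PubkeyAuthentication yes
# PermitRootLogin no
# AllowTcpForwarding yes        # needed for the ProxyJump / -W tunnel
```

With this in place, `ssh server1` from the workstation goes through the bastion in one command, while the firewall still exposes port 22 only on the bastion.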




More information about the redhat-list mailing list