post 387

i have my home network set up so that i can ssh in to metatron from the outside world, because sometimes that can be very handy. for example, maybe i’m at someone else’s place and i want to get them a copy of a file i have at home. i can use sftp to get into metatron and grab it. or maybe i’m using an insecure or otherwise untrusted internet connection and need to do something super sensitive (like checking my email!). with a little tweaking i can use an ssh tunnel as a socks proxy and route all of my traffic in an encrypted fashion back to my home internet connection.

the downside to having ssh open to the internet, however, is that it gets probed by malicious types almost constantly. on bad days my logs show up towards 2500 attacks. i take a number of precautions to help mitigate the security risk, such as disabling remote access for sensitive accounts (like root) and using strong passwords, but it still worried me to see all of those access attempts. but the other day, i ran into something pretty cool: sshblack. sshblack watches system logs and when a remote machine reaches a certain configurable threshold for too many failed login attempts, it will instruct my firewall to drop all packets coming from that particular source. no longer do crackers have virtually unlimited attempts to guess a correct account/password combination; after the first few failures they can’t get as far as a login prompt anymore.
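the watch-the-log, count-the-failures, tell-the-firewall loop described above, sketched as an added example (this is not sshblack's code or part of the original post). the threshold, time window, whitelist, log lines and the iptables rule form are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# assumed values for this example, not sshblack's defaults
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)
WHITELIST = {"192.0.2.10"}  # hosts that must never be blocked

# the user name is chosen by the remote side, so the source address is
# taken from the fixed tail of the line, not from the first " from "
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .*"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

SAMPLE_LOG = [  # constructed sshd lines using documentation address ranges
    "Mar  3 02:14:01 metatron sshd[2201]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Mar  3 02:14:04 metatron sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2",
    "Mar  3 02:14:09 metatron sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2",
    "Mar  3 02:20:00 metatron sshd[2210]: Accepted password for alice from 198.51.100.23 port 51000 ssh2",
    "Mar  3 03:00:00 metatron sshd[2301]: Failed password for alice from 198.51.100.23 port 51010 ssh2",
    "Mar  3 04:00:00 metatron sshd[2303]: Failed password for alice from 198.51.100.23 port 51012 ssh2",
]

def find_offenders(lines):
    """return source addresses with MAX_FAILURES failed logins inside WINDOW."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocked = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group("ip") in WHITELIST or m.group("ip") in blocked:
            continue
        # syslog timestamps carry no year; 2000 is a placeholder for parsing
        ts = datetime.strptime("2000 " + m.group("ts"), "%Y %b %d %H:%M:%S")
        q = recent[m.group("ip")]
        q.append(ts)
        while ts - q[0] > WINDOW:  # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked.append(m.group("ip"))
    return blocked

def drop_rules(ips):
    """build (not run) one firewall command per offending address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(drop_rules(find_offenders(SAMPLE_LOG))))
```

the second address in the sample fails twice an hour apart and also logs in successfully, so it stays under the threshold; the whitelist is there so a mistyped password from a trusted machine can't lock you out.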

post 386

yesterday was such a nice day that i hopped the train to chicago and just wandered around taking pictures.