[SOLVED] Port Forwarding question regarding security.
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
So, This may be the incorrect place to post this, if it is please let me know.
Basically, I am new to Linux in general and am unsure about many things.
To cut it short, I want to open port 22 to a machine on my network, not for ssh access, but to monitor and record login attempts by other people (using iptables or something).
Would this be safe? Advised? Nonsensical? Why or why not?
Any helpful responses will be greatly appreciated, thanks in advance.
[FONT="Arial"]So, This may be the incorrect place to post this, if it is please let me know.
Basically, I am new to Linux in general and am unsure about many things.
To cut it short, I want to open port 22 to a machine on my network, not for ssh access, but to monitor and record login attempts by other people (using iptables or something). Would this be safe? Advised? Nonsensical? Why or why not?
Linux doesn't have much to do with this, in all honesty. What you're talking about is basic network security, and for that you'd be better off with a real network security solution. IDS systems like Snort exist to do this very thing, and generate useful data from attempts.
You may also want to look into setting up a network honeypot, which would fool attackers into thinking they had compromised a server and record what they did afterwards. Apart from the research aspect (which you may be interested in so I don't want to discourage you), you're likely to be disappointed if you just setup, say an iptables firewall that drops and logs all port 22 login attempts. On any server connected to the internet with port 22 open, you will see brute-force login attempts in your logs all day, every day.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.