[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSH Attacks - What to do?
On Wed, 27 Jul 2005, Tim McDonough wrote:
> In reviewing the logs on my Linux server I see that for today and much
> of yesterday someone has a machine set up that's trying to log in
> every few seconds via SSH. They have had no success so far. Here's a
> snippet of the message log, the file is huge with these things. (The
> last two entries are me doing legitimate work.)
> Is there any way to stop this? Do I just depend on password security
> or are there other tools I can readily apply to help?
Yes, use tcp wrappers. /etc/hosts.allow and /etc/hosts.deny. This should
be step one in the process of securing any linux system.
In /etc/hosts.deny put
ALL: ALL
in /etc/hosts.allow put in the services and IP addresses of systems you
want to allow in. While this puts you in a bind with dynamic addresses,
there are some tricks to get around it (ie, if your dynamic on a subnet
you trust you can wrap in the subnet).
ie, if you want to access all services from a particular system:
ALL: x.x.x.x
If you want to wrap certain services check the service name in
/etc/services.
Sean...
--
The punk rock will get you if the government don't get you first.
--Old 97's
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
KG4NRC http://www.rimboy.com Your source for the crap you know you need.
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.