[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSH Attacks - What to do?
Perhaps run SSH on a nonstandard port?
Perhaps set up a password-protected web interface that adds your current
IP (or an IP of your specification) to the allowed firewall list or
wrappers allow file?
-D
On Thu, Jul 28, 2005 at 11:02:43AM -0700, Derek Agar wrote:
> But the issue then becomes if he is on the rode and
> stops in at some coffe shop with wireless access. In
> this scenario you are blocking all but exclusive
> addresses or subnets. (though you could use this to
> allow all except certain addresses/subnets)
>
> Anyone use anything more sophisticated to block the ip
> address after so many unsuccessfull attempts?
> Derek
>
> --- Sean Jewett <sean@rimboy.com> wrote:
>
> > On Wed, 27 Jul 2005, Tim McDonough wrote:
> >
> > > In reviewing the logs on my Linux server I see
> > that for today and much
> > > of yesterday someone has a machine set up that's
> > trying to log in
> > > every few seconds via SSH. They have had no
> > success so far. Here's a
> > > snippet of the message log, the file is huge with
> > these things. (The
> > > last two entries are me doing legitimate work.)
> >
> > > Is there any way to stop this? Do I just depend on
> > password security
> > > or are there other tools I can readily apply to
> > help?
> >
> > Yes, use tcp wrappers. /etc/hosts.allow and
> > /etc/hosts.deny. This should
> > be step one in the process of securing any linux
> > system.
> >
> > In /etc/hosts.deny put
> >
> > ALL: ALL
> >
> > in /etc/hosts.allow put in the services and IP
> > addresses of systems you
> > want to allow in. While this puts you in a bind
> > with dynamic addresses,
> > there are some tricks to get around it (ie, if your
> > dynamic on a subnet
> > you trust you can wrap in the subnet).
> >
> > ie, if you want to access all services from a
> > particular system:
> >
> > ALL: x.x.x.x
> >
> > If you want to wrap certain services check the
> > service name in
> > /etc/services.
> >
> > Sean...
> >
> >
> > --
> > The punk rock will get you if the government don't
> > get you first.
> > --Old 97's
> >
> _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> > KG4NRC http://www.rimboy.com Your source for the
> > crap you know you need.
> >
> >
> > -
> > To unsubscribe, send email to majordomo@luci.org
> > with
> > "unsubscribe luci-discuss" in the body.
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
>
--
--Damacus Porteng: damacus@bastion.yi.org
--IRC: net=irc.nullirc.net nick=damacus chan=#null
--Me: PHP Web Developer, Student, Computer/Linux Geek.
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.