Re: SSH Attacks - What to do?
I had a similar problem a few months ago. I solved the problem by
configuring my router to look for SSH requests on an unassigned port (i.e.,
forward all requests on port xxxx on the router to the ssh service on my linux
box). This allowed me to connect from anywhere and it stopped the annoying
login attempts (it seemed that whoever was doing it was using a generic
script or program).
Dave
----- Original Message -----
From: "Derek Agar" <derekagar@yahoo.com>
To: <luci-discuss@luci.org>
Sent: Thursday, July 28, 2005 1:02 PM
Subject: Re: SSH Attacks - What to do?
> But the issue then becomes if he is on the road and
> stops in at some coffee shop with wireless access. In
> this scenario you are blocking all but exclusive
> addresses or subnets. (though you could use this to
> allow all except certain addresses/subnets)
>
> Anyone use anything more sophisticated to block the ip
> address after so many unsuccessful attempts?
> Derek
>
> --- Sean Jewett <sean@rimboy.com> wrote:
>
>> On Wed, 27 Jul 2005, Tim McDonough wrote:
>>
>> > In reviewing the logs on my Linux server I see that for today and much
>> > of yesterday someone has a machine set up that's trying to log in
>> > every few seconds via SSH. They have had no success so far. Here's a
>> > snippet of the message log, the file is huge with these things. (The
>> > last two entries are me doing legitimate work.)
>>
>> > Is there any way to stop this? Do I just depend on password security
>> > or are there other tools I can readily apply to help?
>>
>> Yes, use tcp wrappers. /etc/hosts.allow and
>> /etc/hosts.deny. This should
>> be step one in the process of securing any linux
>> system.
>>
>> In /etc/hosts.deny put
>>
>> ALL: ALL
>>
>> in /etc/hosts.allow put in the services and IP
>> addresses of systems you
>> want to allow in. While this puts you in a bind
>> with dynamic addresses,
>> there are some tricks to get around it (i.e., if you're
>> dynamic on a subnet
>> you trust you can wrap in the subnet).
>>
>> i.e., if you want to access all services from a
>> particular system:
>>
>> ALL: x.x.x.x
>>
>> If you want to wrap certain services check the
>> service name in
>> /etc/services.
>>
>> Sean...
>>
>>
>> --
>> The punk rock will get you if the government don't
>> get you first.
>> --Old 97's
>>
> _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>> KG4NRC http://www.rimboy.com Your source for the
>> crap you know you need.
>>
>>
>> -
>> To unsubscribe, send email to majordomo@luci.org
>> with
>> "unsubscribe luci-discuss" in the body.
>>
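An added example, not part of the original thread: one way to approach the question quoted above about blocking an address after repeated failures, by scanning sshd log lines and emitting /etc/hosts.deny rules in the tcp wrappers format discussed. The log lines, addresses, threshold, window and function names are constructed assumptions; a subnet listed as trusted is never denied.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# User names are attacker-controlled and may contain " from <ip> port <n>", so
# the greedy ".*" plus "$" anchor takes the address sshd itself appended last.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password "
                    r"for (?:invalid user )?.* from (\S+) port \d+ ssh2$")
def offenders(lines, threshold=3, window=timedelta(minutes=10),
              trusted=("192.0.2.0/24",), year=2005):  # syslog omits the year
    """Return IPv4 sources with >= threshold failures inside the window."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    flagged = set()
    for line in lines:
        if not (m := FAILED.match(line)):
            continue                 # accepted logins, other daemons
        try:
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue                 # not a plain IPv4 address: skip it
        if any(ip in n for n in nets):
            continue                 # never deny a subnet we trust
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(str(ip))
    return sorted(flagged)

def hosts_deny_entries(ips):
    return [f"sshd: {ip}" for ip in ips]   # rule lines for /etc/hosts.deny

# Constructed sample log (documentation addresses), not taken from the thread.
def log_line(t, msg, ip):
    return f"Jul 27 {t} box sshd[4101]: {msg} from {ip} port 4711 ssh2"
F = "Failed password for "
SAMPLE = (
    [log_line(f"14:02:1{i}", F + "invalid user admin", "203.0.113.5") for i in range(3)]
    + [log_line("14:05:00", F + "alice", "198.51.100.7")]  # one real mistyped password
    + [log_line(f"15:00:0{i}", F + "bob", "192.0.2.10") for i in range(3)]  # trusted
    + [log_line(f"16:00:0{i}", F + "invalid user x from 198.51.100.7 port 1",
                "203.0.113.9") for i in range(3)]          # forged "from" in user name
)
if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(offenders(SAMPLE))))
```

The forged user name in the last sample group is why the pattern is anchored at the end of the line: a looser match would count those failures against 198.51.100.7 and lock out a legitimate user.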