
Re: SSH Attacks - What to do?



But the issue then becomes if he is on the road and
stops in at some coffee shop with wireless access.  In
this scenario you are blocking all but exclusive
addresses or subnets.  (though you could use this to
allow all except certain addresses/subnets)

Anyone use anything more sophisticated to block the IP
address after so many unsuccessful attempts?
Derek

--- Sean Jewett <sean@rimboy.com> wrote:

> On Wed, 27 Jul 2005, Tim McDonough wrote:
> 
> > In reviewing the logs on my Linux server I see
> that for today and much 
> > of yesterday someone has a machine set up that's
> trying to log in 
> > every few seconds via SSH. They have had no
> success so far. Here's a 
> > snippet of the message log, the file is huge with
> these things. (The 
> > last two entries are me doing legitimate work.)
> 
> > Is there any way to stop this? Do I just depend on
> password security 
> > or are there other tools I can readily apply to
> help?
> 
> Yes, use tcp wrappers.  /etc/hosts.allow and
> /etc/hosts.deny.  This should 
> be step one in the process of securing any Linux
> system.  
> 
> In /etc/hosts.deny put
> 
> ALL:	ALL
> 
> in /etc/hosts.allow put in the services and IP
> addresses of systems you 
> want to allow in.  While this puts you in a bind
> with dynamic addresses, 
> there are some tricks to get around it (i.e., if you're
> dynamic on a subnet 
> you trust you can wrap in the subnet).  
> 
> i.e., if you want to access all services from a
> particular system:
> 
> ALL:	x.x.x.x
> 
> If you want to wrap certain services check the
> service name in 
> /etc/services.  
> 
> Sean...
> 
> 
> --
> The punk rock will get you if the government don't
> get you first.
> 	--Old 97's
>
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> KG4NRC  http://www.rimboy.com  Your source for the
> crap you know you need.
> 
> 
> -
> To unsubscribe, send email to majordomo@luci.org
> with
> "unsubscribe luci-discuss" in the body.
> 
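One way to block an address after a number of failed attempts, as asked above; this is an added example, not part of the original thread. It counts failed sshd password attempts per source address and produces /etc/hosts.deny lines for the addresses at or over a threshold. The log lines are constructed samples in the usual OpenSSH syslog format, the function names, threshold and never_block set are assumptions for illustration, and it assumes sshd is built with TCP wrappers support.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Jul 27 10:15:01 box sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jul 27 10:15:04 box sshd[4103]: Failed password for invalid user admin from 192.0.2.10 port 40118 ssh2
Jul 27 10:15:07 box sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40125 ssh2
Jul 27 10:15:09 box sshd[4107]: Failed password for tim from 203.0.113.5 port 51822 ssh2
Jul 27 10:15:20 box sshd[4109]: Accepted password for tim from 203.0.113.5 port 51830 ssh2
"""

# Anchored to the end of the line so only the trailing "from <ip> port <n>"
# that sshd itself writes is read as the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$"
)


def failed_by_ip(log_text):
    """Count failed password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def deny_entries(log_text, threshold=3, never_block=()):
    """Return hosts.deny lines for addresses with >= threshold failures.

    never_block (hypothetical parameter) holds addresses that must never be
    auto-blocked, such as your own, even after a few mistyped passwords.
    """
    counts = failed_by_ip(log_text)
    return [
        f"sshd: {ip}"
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in never_block
    ]


if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG, threshold=3):
        print(entry)
```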

