
Re: SSH Attacks - What to do?



Perhaps run SSH on a nonstandard port?

Perhaps set up a password-protected web interface that adds your current
IP (or an IP of your specification) to the allowed firewall list or
wrappers allow file?

-D

On Thu, Jul 28, 2005 at 11:02:43AM -0700, Derek Agar wrote:
> But the issue then becomes if he is on the road and
> stops in at some coffee shop with wireless access.  In
> this scenario you are blocking all but exclusive
> addresses or subnets.  (though you could use this to
> allow all except certain addresses/subnets)
> 
> Anyone use anything more sophisticated to block the ip
> address after so many unsuccessful attempts?
> Derek
> 
> --- Sean Jewett <sean@rimboy.com> wrote:
> 
> > On Wed, 27 Jul 2005, Tim McDonough wrote:
> > 
> > > In reviewing the logs on my Linux server I see
> > that for today and much 
> > > of yesterday someone has a machine set up that's
> > trying to log in 
> > > every few seconds via SSH. They have had no
> > success so far. Here's a 
> > > snippet of the message log, the file is huge with
> > these things. (The 
> > > last two entries are me doing legitimate work.)
> > 
> > > Is there any way to stop this? Do I just depend on
> > password security 
> > > or are there other tools I can readily apply to
> > help?
> > 
> > Yes, use tcp wrappers.  /etc/hosts.allow and
> > /etc/hosts.deny.  This should 
> > be step one in the process of securing any linux
> > system.  
> > 
> > In /etc/hosts.deny put
> > 
> > ALL:	ALL
> > 
> > in /etc/hosts.allow put in the services and IP
> > addresses of systems you 
> > want to allow in.  While this puts you in a bind
> > with dynamic addresses, 
> > there are some tricks to get around it (i.e., if you're
> > dynamic on a subnet 
> > you trust you can wrap in the subnet).  
> > 
> > ie, if you want to access all services from a
> > particular system:
> > 
> > ALL:	x.x.x.x
> > 
> > If you want to wrap certain services check the
> > service name in 
> > /etc/services.  
> > 
> > Sean...
> > 
> > 
> > --
> > The punk rock will get you if the government don't
> > get you first.
> > 	--Old 97's
> >
> _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> > KG4NRC  http://www.rimboy.com  Your source for the
> > crap you know you need.
> > 
> > 
> > -
> > To unsubscribe, send email to majordomo@luci.org
> > with
> > "unsubscribe luci-discuss" in the body.
> > 
> 
> 
> 

-- 
--Damacus Porteng: damacus@bastion.yi.org
--IRC: net=irc.nullirc.net nick=damacus chan=#null
--Me: PHP Web Developer, Student, Computer/Linux Geek.
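
The question quoted above about blocking an address after a number of unsuccessful attempts, combined with the /etc/hosts.deny approach, could be handled as in this added example, which is not part of the original thread. The log lines are constructed in the usual OpenSSH syslog format, and the function names, the threshold and the trusted-network list are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not the poster's log).
SAMPLE_LOG = """\
Jul 27 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 27 10:00:04 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Jul 27 10:00:07 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
Jul 27 10:02:10 host sshd[1210]: Failed password for tim from 198.51.100.20 port 51000 ssh2
Jul 27 10:02:30 host sshd[1212]: Accepted password for tim from 198.51.100.20 port 51003 ssh2
Jul 27 10:05:00 host sshd[1220]: Failed password for invalid user from 10.9.9.9 from 192.0.2.44 port 2200 ssh2
"""

# The user name is chosen by the remote client and may contain spaces or the
# word "from", so take the address from the fixed tail of the line.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_counts(log_text):
    """Count failed password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # not a plain IPv4 address; never copy it into hosts.deny
        counts[str(ip)] += 1
    return counts


def deny_entries(log_text, threshold=3, trusted=()):
    """Return hosts.deny lines for sources at or above the threshold."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    entries = []
    for ip, n in sorted(failed_counts(log_text).items()):
        addr = ipaddress.ip_address(ip)
        if n >= threshold and not any(addr in net for net in nets):
            entries.append(f"sshd: {ip}")
    return entries


if __name__ == "__main__":
    # 198.51.100.0/24 stands in for a network you log in from yourself.
    for entry in deny_entries(SAMPLE_LOG, trusted=["198.51.100.0/24"]):
        print(entry)
```

The trusted list keeps a mistyped password on your own network from locking you out, which is the same concern raised above about dynamic addresses.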
