MORE SSH Hacking: heads-up <- TCP Wrappers
Trevor
trevor at gnuguy.com
Tue Aug 10 15:05:59 UTC 2004
Well, I run snort (http://www.snort.org/) and guardian scripts
(http://www.chaotic.org/guardian/) to control extensive hacking on SSH.
Because I have no guest or test or user accounts on my system, the IDS take
notice and guardian will modify the firewall (iptables) and cut off the
attack for a predetermined amount of time.
I too cannot selectively allow specific external IP addresses, so the IDS
does it's job to look for strange SSH login attempts. As always, keep your
OpenSSH packages up-to-date and take care when setting accounts/passwords.
Trev.
-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com]On Behalf Of Alexander Dalloz
Sent: Tuesday, August 10, 2004 8:24 AM
To: For users of Fedora Core releases
Subject: Re: MORE SSH Hacking: heads-up <- TCP Wrappers
Am Di, den 10.08.2004 schrieb Luis Miguel Cruz um 14:59:
> Use TCP Wrappers: /etc/hosts.allow and /etc/host.deny
But what does it help on systems where people have to login from
changing IPs and not from a fix IP net?
There is nothing really good we can do against it.
Seems all the hosts are already owned and try to enter more systems.
Alexander
More information about the fedora-list
mailing list