[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: crazy hackers and logwatch

From: Justin Conover <justin conover gmail com>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Subject: Re: crazy hackers and logwatch
Date: Tue, 9 Aug 2005 13:13:48 -0500

On 8/9/05, Brian Gaynor <briang pmccorp com> wrote:
> On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> > A better rule (IMHO), I use:
> >
> > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
> >
> > This has the advantage of only blocking the offending IP if they go
> > over 1/min, but letting all other ip's still have access until they go
> > over the limit.
> 
> I've used similar rules for some time now and they've proven very
> effective. The only problem I've run into is with subversion over SSH,
> it generates a lot of  short connections sometimes (for example when
> browsing a repository) and can look like an attack to this kind of
> block. For that reason I am interested in testing DENYHOSTS.
> 
> --
> Brian Gaynor
> www.pmccorp.com
> FC4/Linux on DELL Inspiron 5160 3.0Ghz
> canis 08:55:20 up 26 min, 1
> user, load average: 0.27, 0.22,
> 
> 
> --
> fedora-test-list mailing list
> fedora-test-list redhat com
> To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-test-list
> 


Bastards really want in.


sshd:
  Authentication Failures:
     root (61.185.220.46): 528 Time(s)
     unknown (61.185.220.46): 221 Time(s)
     mail (61.185.220.46): 2 Time(s)
     mysql (61.185.220.46): 2 Time(s)
     news (61.185.220.46): 2 Time(s)
     adm (61.185.220.46): 1 Time(s)
     apache (61.185.220.46): 1 Time(s)
     bin (61.185.220.46): 1 Time(s)
     ftp (61.185.220.46): 1 Time(s)
     games (61.185.220.46): 1 Time(s)
     ldap (61.185.220.46): 1 Time(s)
     lp (61.185.220.46): 1 Time(s)
     nobody (61.185.220.46): 1 Time(s)
     operator (61.185.220.46): 1 Time(s)
     root (201.145.24.178): 1 Time(s)
     rpm (61.185.220.46): 1 Time(s)
     squid (61.185.220.46): 1 Time(s)
     sshd (61.185.220.46): 1 Time(s)
  Invalid Users:
     Unknown Account: 221 Time(s)
     Bad User: root: 1 Time(s)
  Sessions Opened:
     justin: 1 Time(s)

Follow-Ups:
- Re: crazy hackers and logwatch
  - From: Justin Conover

References:
- crazy hackers and logwatch
  - From: Justin Conover
- Re: crazy hackers and logwatch
  - From: Marco Meyerhofer
- Re: crazy hackers and logwatch
  - From: Kevin Fenzi
- Re: crazy hackers and logwatch
  - From: Brian Gaynor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]