Off topic: Hacker

Sjoerd Mullender sjoerd at acm.org
Mon Aug 15 16:50:51 UTC 2005


Thomas Cameron wrote:
>>Hi there,
>>
>>I know this is not the correct forum to ask this question, but I have to
>>start somewhere.......
>>
>>I have a friend with a linux firewall box.
>>There appears to be a very simple minded hacker trying to do simple ssh
>>password attacks on this box.
>>
>>I have been using whois and reporting this to each ISP he/she is coming
>>from
>>but he/she just breaks into a different machine on a new ISP and tries
>>again.
>>
>>Is there something more I can do to track this person down?
>>Thanks.
> 
> 
> 
> As others have said, it's more than likely a script kiddy on a compromised
> machine.  A recent thread on the Fedora-test list had a really cool set of
> firewall rules to fight this.  Check out
> 
> https://www.redhat.com/archives/fedora-test-list/2005-August/msg00082.html
> 
> for the rule.
> 
> Thomas
> 

You could also install and configure pam_abl from Fedora extras.  For
configuration see the included README.Fedora.

Summary     : A Pluggable Authentication Module (PAM) for auto blacklisting
Description :
Provides auto blacklisting of hosts and users responsible for repeated
failed authentication attempts. Generally configured so that
blacklisted users still see normal login prompts but are guaranteed to
fail to authenticate. A command line tool allows to query or purge the
databases used by the pam_abl module.

-- 
Sjoerd Mullender
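
The blacklisting behaviour in the package description above, sketched as an added example that is not part of the original message and is not pam_abl's code or configuration. It replays constructed sshd-style log lines and tracks hosts only; the `replay` function, the threshold of 3 failures per hour and the log lines are assumptions made for illustration (pam_abl itself runs inside the PAM stack rather than parsing logs).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (not real traffic; documentation-range addresses).
SAMPLE_LOG = """\
Aug 15 16:40:01 fw sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Aug 15 16:40:03 fw sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2
Aug 15 16:40:05 fw sshd[103]: Failed password for invalid user test from 192.0.2.10 port 4003 ssh2
Aug 15 16:41:00 fw sshd[104]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Aug 15 16:41:30 fw sshd[105]: Accepted password for alice from 198.51.100.7 port 5002 ssh2
Aug 15 16:42:00 fw sshd[106]: Accepted password for root from 192.0.2.10 port 4004 ssh2
Aug 15 18:00:00 fw sshd[107]: Accepted password for root from 192.0.2.10 port 4005 ssh2
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def replay(log, max_failures=3, window=timedelta(hours=1), year=2005):
    """Return (host, user, sshd_result, effective_result) for each attempt."""
    failures = defaultdict(deque)   # host -> timestamps of recent genuine failures
    out = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, result, user, host = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent = failures[host]
        while recent and when - recent[0] > window:   # drop failures outside the window
            recent.popleft()
        blacklisted = len(recent) >= max_failures
        # A blacklisted host still gets a normal prompt, but the attempt is forced to fail.
        effective = "Failed" if blacklisted else result
        if result == "Failed":      # assumption: only genuine failures are counted
            recent.append(when)
        out.append((host, user, result, effective))
    return out

if __name__ == "__main__":
    for row in replay(SAMPLE_LOG):
        print(*row)
```

The sixth attempt shows the point of the design: a correct password from a blacklisted host is still rejected, and the host is allowed again once its failures fall outside the window.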
More information about the fedora-list mailing list