Found, a new rootkit

Neil Cherry ncherry at comcast.net
Sat Apr 1 18:11:58 UTC 2006


Rahul Sundaram wrote:
> On Sat, 2006-04-01 at 12:56 -0500, Neil Cherry wrote:
>> Gene Heskett wrote:
>>> On Friday 31 March 2006 19:42, John Summerfield wrote:
>>>> A reasonable security system would shut down the login process for a
>>>> time after some number of consecutive failed login attempts. It's a
>>>> rule that's been around for a long time, it's even in Linux, but
>>>> implemented poorly.
>>> And how does one go about turning that option on, with say a 15 minute 
>>> timeout?
>> Check out pam_abl on http://www.hexten.net/pam_abl/ (SourceForge
>> project).
> 
> If you want to go this route, both denyhosts and pam_abl are available
> for Fedora Extras.

I've also used a Perl script to add these IP addresses to an iptables
list but even with summarization I had thousands of denies. So I
only allow a select few sites to get to my ssh and the attacks have
completely stopped. Though I will say I'm not doing this commercially.

-- 
Linux Home Automation         Neil Cherry       ncherry at linuxha.com
http://www.linuxha.com/                         Main site
http://linuxha.blogspot.com/                    My HA Blog
http://home.comcast.net/~ncherry/               Backup site
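
The rule discussed in this thread (stop accepting logins from a source for 15 minutes after a run of consecutive failures), sketched as an added example that is not part of the original message and is not the pam_abl or denyhosts code. The threshold of 3, the assumed year and the log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog layout (documentation IPs).
SAMPLE_LOG = """\
Apr  1 12:00:01 gw sshd[411]: Failed password for root from 203.0.113.5 port 4001 ssh2
Apr  1 12:00:03 gw sshd[412]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Apr  1 12:00:04 gw sshd[413]: Failed password for neil from 198.51.100.7 port 5001 ssh2
Apr  1 12:00:06 gw sshd[414]: Failed password for root from 203.0.113.5 port 4003 ssh2
Apr  1 12:00:09 gw sshd[415]: Accepted password for neil from 198.51.100.7 port 5002 ssh2
Apr  1 12:05:00 gw sshd[416]: Failed password for root from 203.0.113.5 port 4004 ssh2
Apr  1 12:16:00 gw sshd[417]: Failed password for root from 203.0.113.5 port 4005 ssh2
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?\S+ "
                  r"from (\S+) port \d+")

def lockouts(lines, max_failures=3, timeout=timedelta(minutes=15), year=2006):
    """Return [(ip, locked_at, locked_until)] for each lockout triggered."""
    streak, locked_until, result = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an sshd password event
        stamp, outcome, ip = m.groups()
        # Syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if when < locked_until.get(ip, datetime.min):
            continue  # source is locked out; the attempt is not counted
        if outcome == "Accepted":
            streak[ip] = 0  # a success breaks the run of consecutive failures
            continue
        streak[ip] = streak.get(ip, 0) + 1
        if streak[ip] >= max_failures:
            locked_until[ip] = when + timeout
            result.append((ip, when, locked_until[ip]))
            streak[ip] = 0  # counting starts again once the lockout expires
    return result

if __name__ == "__main__":
    for ip, start, end in lockouts(SAMPLE_LOG):
        print(f"{ip} locked {start:%H:%M:%S} until {end:%H:%M:%S}")
```
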




More information about the fedora-list mailing list