am I hacked?

Scott van Looy scott at ethosuk.org.uk
Mon Apr 23 05:54:55 UTC 2007


On Apr 22 Keith G. Robertson-Turner did spake thusly:

> Verily I say unto thee, that Manuel Arostegui Ramirez spake thusly:
>> On Sunday, 22 April 2007 02:50, Keith G. Robertson-Turner wrote:
>
>>> I have hundreds of ssh attacks every day. Just make sure you have a
>>> *very* secure password (or don't forward ssh from the router).
>>>
>>> I also use "denyhosts" which I've found extremely useful (it's in extras).
>
>> That plus some kind of app such as fail2ban to permit only like 3 attempts
>> of login
>
> Denyhosts already does that.
>
> I'll check out fail2ban though, it's always nice to have alternatives.

iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
recent --set
iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
recent --update --seconds 60 --hitcount 4 -j DROP

This'll drop anything over 4 connections from an IP within 60 seconds - 
might also be of use for an SSH attack

-- 
Scott van Looy - email:me at ethosuk.org.uk | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74  802C 7CF9 E526 44D9 D4A7
       -------------------------------------------
       |/// /// /// /// WIDE LOAD /// /// /// ///|
       -------------------------------------------

Paralysis through analysis.
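
Added example, not part of the original message: a simplified Python model of how the two "recent" rules above treat NEW connections to port 22, including the fact that --update refreshes an entry each time it drops a packet. The function names, the sample addresses and timings (constructed), and the 20-entry per-source history (assumed xt_recent default) are assumptions of this sketch.

```python
from collections import defaultdict, deque

SECONDS = 60     # --seconds 60
HITCOUNT = 4     # --hitcount 4
MAX_STAMPS = 20  # assumed default size of the per-source timestamp list

def simulate(connections):
    """connections: (time_s, src_ip) pairs for NEW tcp/22 packets, in time order.
    Returns a list of (time_s, src_ip, verdict)."""
    table = defaultdict(lambda: deque(maxlen=MAX_STAMPS))
    results = []
    for now, ip in connections:
        stamps = table[ip]
        recent = sum(1 for t in stamps if now - t <= SECONDS)
        # The second "iptables -I" lands on top of the first, so the
        # --update ... -j DROP rule is evaluated before the --set rule.
        if recent >= HITCOUNT:
            stamps.append(now)  # a matching --update refreshes the entry
            results.append((now, ip, "DROP"))
            continue
        # --set records the source; the packet continues down INPUT.
        stamps.append(now)
        results.append((now, ip, "PASS"))
    return results

def verdicts(results, ip):
    """Verdicts for one source address, in arrival order."""
    return [v for _, src, v in results if src == ip]

# Constructed sample: one noisy source retrying every 5 s, then again at
# t=100 and t=170, and one client that reconnects every 20 s.
NOISY, STEADY = "203.0.113.7", "198.51.100.20"
SAMPLE = sorted(
    [(t, NOISY) for t in range(0, 60, 5)] + [(100, NOISY), (170, NOISY)]
    + [(t, STEADY) for t in range(0, 100, 20)]
)

if __name__ == "__main__":
    for now, ip, verdict in simulate(SAMPLE):
        print(f"t={now:>3}s  {ip:<15} {verdict}")
```

In this model the noisy source is still dropped at t=100 because its dropped attempts kept refreshing the entry, while a client that stays under four connections per 60 seconds is never blocked, so the rate limit complements a strong password or key rather than replacing it.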

