I love IP Tables....

Manuel Arostegui Ramirez manuel at todo-linux.com
Sun May 27 18:41:30 UTC 2007


On Sunday, 27 May 2007 19:53, Amadeus W.M. wrote:
> On Sat, 26 May 2007 03:19:27 -0700, jdow wrote:
> > From: "Amadeus W.M." <amadeus84 at verizon.net>
> >
> >>> People asked - here is the answer:
> > >>> # Then setup the reject trap
> > >>> $IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
> > >>> $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
> > >>>   --rcheck --seconds 180 --hitcount 2 -j LOG --log-prefix 'SSH REJECT: '
> > >>> $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
> > >>>   --rcheck --seconds 180 --hitcount 2 -j REJECT --reject-with tcp-reset
> >>>
> >>>
> > >>> Adapt it to your configuration, of course. {^_^}   (I probably should
> > >>> have included that in the first email for politeness. Please 'scuse me.)
> >>
> >> You do know, that if you run ssh on your pet's birthday port, rather
> >> than 22, you will not see any of the crap brute force attacks, don't
> >> you?
> >
> > Yes, but then I've faced enough port scans to realize that security
> > through obscurity is horse feathers.
> >
> > {^_-}
>
> Enough port scans, yes, but have you seen any ssh brute force attack on a
> port other than 22? I'll give you a penny for any that you see.
>
> Needless to say, the other security measures must still be in place. So
> even if they do figure out which port your sshd is running on, you still
> deal with them the way you normally do: allow connections from specific
> machines/ranges only and drop the rest. I'm only saying that hiding ssh
> will get rid of the scripts.
>
> At any rate, I really don't understand why they even bother with brute
> force. Do they ever find anything?

You'd be surprised how many system administrators still leave oracle:oracle 
or root:qwerty as usernames and passwords. So you do not want to know "lusers'" 
most common passwords...
Even when the companies spend some thousands of euros (yeah, here in Europe) 
on expensive and well-known security products...
It's quite sad, but it's true: social engineering and post-its with passwords 
are still in our lives and on our monitors :-)



-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
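
The quoted rules hinge on how the iptables "recent" match counts packets, and the ordering (--set before --rcheck --hitcount 2) has a side effect worth seeing before copying them. The following is an added example, not code from this thread or from netfilter: a small simulation of the recent module's bookkeeping (--set appends a timestamp for the source address; --rcheck matches when at least --hitcount stamps fall inside the last --seconds; --update does the same but also stamps on a match), driven by constructed SYN timings from a made-up user and scanner. It runs the quoted ordering beside the widely used --set/--update variant, which is not from the thread either.

```python
"""Simulation of the netfilter "recent" match behind the quoted SSH rules.

Added example, not code from the thread or from netfilter. It models the
bookkeeping of the iptables "recent" module: --set appends a packet
timestamp for the source address, --rcheck matches when at least --hitcount
stamps fall within the last --seconds, and --update does the same but also
appends a stamp on a match. Addresses and SYN timings are constructed.
"""
from collections import defaultdict

IP_PKT_LIST_TOT = 20      # xt_recent default: stamps remembered per address
WINDOW = 180              # --seconds 180, as in the quoted rules


class RecentTable:
    """One '-m recent --name <table>': source address -> packet timestamps."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, addr, now):
        """--set: record this packet, creating the entry on first sight."""
        s = self.stamps[addr]
        s.append(now)
        if len(s) > IP_PKT_LIST_TOT:
            del s[0]                      # ring is full: oldest stamp is dropped

    def rcheck(self, addr, now, seconds, hitcount):
        """--rcheck: true if >= hitcount stamps lie within the last `seconds`."""
        if addr not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[addr] if now - t <= seconds)
        return hits >= hitcount

    def update(self, addr, now, seconds, hitcount):
        """--update: as --rcheck, but a match also appends a fresh stamp."""
        if self.rcheck(addr, now, seconds, hitcount):
            self.set(addr, now)
            return True
        return False


def posted_rules(table, addr, now):
    """The quoted ordering: --set, then --rcheck --hitcount 2 -> REJECT.

    Because --set runs first, the SYN being judged is already counted, so the
    second SYN within 180 s of any earlier one is rejected: one connection per
    window, for legitimate users and scanners alike.
    """
    table.set(addr, now)
    if table.rcheck(addr, now, WINDOW, hitcount=2):
        return "REJECT"                   # the LOG rule fires on the same match
    return "ACCEPT"


def throttled_rules(table, addr, now, hitcount=4):
    """Common alternative (not from the thread): --set, then --update -> DROP.

    Passes hitcount-1 SYNs per window; --update re-stamps every blocked
    attempt, so a host that keeps hammering keeps extending its own block.
    """
    table.set(addr, now)
    if table.update(addr, now, WINDOW, hitcount):
        return "DROP"
    return "ACCEPT"


def run(rules, syns):
    """Feed (time, addr) SYNs through a rule set with a fresh table."""
    table = RecentTable()
    return [rules(table, addr, t) for t, addr in syns]


# Constructed traffic: one user opening a second session a minute later and
# again after the window, and one scanner sending a SYN every 5 seconds.
LEGIT_SYNS = [(0, "198.51.100.7"), (60, "198.51.100.7"), (400, "198.51.100.7")]
ATTACK_SYNS = [(5 * i, "203.0.113.9") for i in range(10)]

if __name__ == "__main__":
    for name, rules in (("posted", posted_rules), ("throttled", throttled_rules)):
        print(name, "legit  ", run(rules, LEGIT_SYNS))
        print(name, "attack ", run(rules, ATTACK_SYNS))
```

Run as-is: under the quoted ordering the user's second session 60 s later is rejected while the scanner loses only its first SYN's successor onward, whereas the --update variant lets three SYNs per 180 s through and then drops the rest. On a real box the same bookkeeping is visible in /proc/net/xt_recent/sshattack (older kernels: /proc/net/ipt_recent/sshattack), which is the first place to look when a rule like this locks out a legitimate login.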




More information about the fedora-list mailing list