some attack to fedora machine .
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Fri Apr 11 14:22:14 UTC 2008
Antti J. Huhtala wrote:
> A spot of overkill, perhaps?
>
> In my modest experience my Linux box has been compromised three (3)
> times that I know of. The first was an RH 6.2 box, and my present box
> has been invaded twice, first during the FC6 era and then soon after my
> F8 installation last December.
> Each and every time the invader came in through ssh. Against my better
> judgement in installing F8 I allowed ssh to remain a "secure service" as
> suggested by the F8 installer. Well, it proved not to be.
>
> There seem to be some "sportsmen" out there who just can't resist the
> temptation of an open ssh port. Now, if I plan to use ssh to connect to
> my box from a remote location, I'm going to have iptables rules to allow
> ssh only from known addresses. Not very flexible, perhaps, but I don't
> want to allow these sportsmen in again.
>
> In each case, just wiping the installation clean and reinstalling with
> ssh port closed seems to have done the trick.
>
> My 2 c.
>
> Antti
>
You should also set up SSH to only use key pairs to allow logins,
not username/password logins. This will foil "dictionary" attacks.
If you do need to allow username/password logins, use one of the
rate limiting packages to block the attacker after 3 or 4
failed logins in a row, or more than x attempts from one IP address
in a short period of time. Picking good passwords helps as well.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
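
The blocking rule described in the reply above (a few failed logins in a row, or more than x attempts from one IP address in a short period), as an added example that is not part of the original message and not the code of any rate-limiting package. The log lines are constructed in the usual OpenSSH syslog wording; the thresholds, the window length and the function name `find_offenders` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog wording; addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 11 14:00:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Apr 11 14:00:03 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Apr 11 14:00:05 host sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Apr 11 14:00:09 host sshd[2104]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Apr 11 14:00:20 host sshd[2105]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Apr 11 14:05:00 host sshd[2106]: Failed password for alice from 198.51.100.7 port 51002 ssh2
"""

# Timestamp, outcome and source address of a password attempt.
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?\S+ from (\S+) ")

def find_offenders(log_text, max_in_row=3, max_in_window=5,
                   window=timedelta(minutes=10), year=2008):
    """Return {ip: reason} for addresses a rate limiter would block."""
    streak = defaultdict(int)      # consecutive failures per address
    recent = defaultdict(deque)    # failure timestamps inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, ip = m.groups()
        if ip in blocked:
            continue
        if outcome == "Accepted":
            streak[ip] = 0         # a good login ends the "in a row" count
            continue
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog has no year; assumed
        streak[ip] += 1
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()            # forget failures older than the window
        if streak[ip] >= max_in_row:
            blocked[ip] = "failed logins in a row"
        elif len(q) > max_in_window:
            blocked[ip] = "too many attempts in window"
    return blocked

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

A legitimate user who mistypes once and then logs in, like the second address in the sample, stays unblocked; only the address guessing several account names in a row is flagged.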