some attack to fedora machine .

Mikkel L. Ellertson mikkel at infinity-ltd.com
Fri Apr 11 14:22:14 UTC 2008


Antti J. Huhtala wrote:
> A spot of overkill, perhaps?
> 
> In my modest experience my Linux box has been compromised three (3)
> times that I know of. The first was an RH 6.2 box, and my present box
> has been invaded twice, first during the FC6 era and then soon after my
> F8 installation last December.
> Each and every time the invader came in through ssh. Against my better
> judgement in installing F8 I allowed ssh to remain a "secure service" as
> suggested by the F8 installer. Well, it proved not to be.
> 
> There seem to be some "sportsmen" out there who just can't resist the
> temptation of an open ssh port. Now, if I plan to use ssh to connect to
> my box from a remote location, I'm going to have iptables rules to allow
> ssh only from known addresses. Not very flexible, perhaps, but I don't
> want to allow these sportsmen in again.
> 
> In each case, just wiping the installation clean and reinstalling with
> ssh port closed seems to have done the trick.
> 
> My 2 c.
> 
> Antti
> 
You should also set up SSH to only use key pairs to allow logins.
Not username/password logins. This will foil "dictionary" attacks.
If you do need to allow username/password logins, use one of the
rate limiting packages to block the attacker after 3 or four
failed logins in a row, or more than x attempts from one IP address
in a short period of time. Picking good passwords helps as well.

Mikkel
-- 

   Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
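
The two rate-limiting rules described in the reply above (failed logins in a row, and more than x attempts from one IP in a short period), as an added example that is not part of the original message or of any particular package. The function name `offenders`, its thresholds, and the log lines are constructed assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd syslog lines (documentation addresses, not from a real host).
SAMPLE_LOG = """\
Apr 11 14:00:01 host sshd[2001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 11 14:00:03 host sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Apr 11 14:00:05 host sshd[2003]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Apr 11 14:01:00 host sshd[2004]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Apr 11 14:01:09 host sshd[2005]: Accepted password for alice from 198.51.100.9 port 51001 ssh2
Apr 11 14:02:00 host sshd[2006]: Failed password for bob from 192.0.2.44 port 33000 ssh2
Apr 11 14:02:05 host sshd[2007]: Failed password for bob from 192.0.2.44 port 33001 ssh2
Apr 11 14:02:09 host sshd[2008]: Accepted password for bob from 192.0.2.44 port 33002 ssh2
Apr 11 14:03:00 host sshd[2009]: Failed password for bob from 192.0.2.44 port 33003 ssh2
Apr 11 14:03:05 host sshd[2010]: Failed password for bob from 192.0.2.44 port 33004 ssh2
"""

# Matches the "Failed/Accepted ... for USER from IP port N" lines sshd logs.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ for "
                  r"(?:invalid user )?\S+ from (\S+) port \d+")

def offenders(log, max_row=3, max_in_window=3, window=timedelta(minutes=10), year=2008):
    """Return {ip: rule} for each source IP that trips either limit."""
    streak = defaultdict(int)    # failed logins in a row, per IP
    recent = defaultdict(deque)  # failure times still inside the window, per IP
    flagged = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, result, ip = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        if result == "Accepted":
            streak[ip] = 0       # a successful login ends the run of failures
            continue
        streak[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # forget failures older than the window
        if ip not in flagged:
            if streak[ip] >= max_row:
                flagged[ip] = "in-a-row"
            elif len(q) > max_in_window:
                flagged[ip] = "rate"
    return flagged
```

On the sample, 203.0.113.7 trips the in-a-row rule, 192.0.2.44 never fails three times running but trips the rate rule, and 198.51.100.9 (one mistyped password, then success) is left alone.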
