[K12OSN] OT: Break-In report

"Terrell Prudé Jr." microman at cmosnetworks.com
Wed Jan 2 16:42:39 UTC 2008


Seconded regarding denyhosts; it is very nice.  In addition, I also
allow SSH connections only from certain subnets--yes, even on the
trusted network.  Kids are quite inventive, you know.  Just throw up a
couple of iptables lines like this:

# Permit only 192.168.1.0/24 to SSH to us
iptables -A INPUT -i eth0 -p tcp --source 192.168.1.0/24 --destination-port 22 -j ACCEPT
# Deny everything else on TCP 22
iptables -A INPUT -i eth0 -p tcp --destination-port 22 -j DROP

And you can add any other self-protection rules that you like.

--TP
_______________________________
Do you GNU <http://www.gnu.org>?
Microsoft Free since 2003 <http://www.cmosnetworks.com>--the ultimate
antivirus protection!


Michael Blinn wrote:
>  Not true. I use and recommend the package 'denyhosts' - Nice little
> python script that daemonizes to periodically check /var/log/secure,
> adding IPs from brute-force attackers to /etc/hosts.deny, then emails
> me its actions. You can also set an auto-expire time for those blocks.
> I love it.
> -Michael
>
> Les Mikesell wrote:
>> There is quite a lot of ssh password guessing going on over the
>> internet.  If you have systems with the ssh port exposed, you can
>> expect to see a few hundred attempts a day in the logs - a slow
>> enough rate that you might not notice but the attackers are probably
>> spreading their attempts over thousands of systems.  There are some
>> packages that watch the logs and firewall addresses with repeated
>> failed attempts but none are included in the distribution.
>
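
Added example, not part of the original thread and not DenyHosts' own code: a small Python sketch of the log-watching idea discussed above. It counts failed sshd logins per source address and shows which offenders sit inside the subnet the iptables rule permits. The log lines, hostname, threshold and function names are constructed for illustration; 192.168.1.0/24 is the subnet from the message.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the sshd format written to /var/log/secure.
SAMPLE_LOG = """\
Jan  2 10:01:11 ltsp sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan  2 10:01:14 ltsp sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan  2 10:01:19 ltsp sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Jan  2 10:02:40 ltsp sshd[2110]: Failed password for student1 from 192.168.1.23 port 51515 ssh2
Jan  2 10:02:44 ltsp sshd[2112]: Failed password for student1 from 192.168.1.23 port 51520 ssh2
Jan  2 10:02:49 ltsp sshd[2114]: Failed password for student1 from 192.168.1.23 port 51526 ssh2
Jan  2 10:03:02 ltsp sshd[2120]: Accepted password for teacher from 192.168.1.5 port 51600 ssh2
Jan  2 10:05:30 ltsp sshd[2131]: Failed password for root from 198.51.100.9 port 33810 ssh2
"""

# The username is text supplied by the remote side, so the address is taken
# from the end of the line (greedy .* plus $), not from the first "from".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?\s*$")

def failed_counts(log_text):
    """Return a Counter mapping source address -> number of failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # not a literal IP address; skip rather than guess
    return counts

def offenders(log_text, threshold=3, permitted="192.168.1.0/24"):
    """List (hosts.deny line, inside_permitted_subnet) for noisy sources."""
    net = ipaddress.ip_network(permitted)
    result = []
    items = sorted(failed_counts(log_text).items(),
                   key=lambda kv: (kv[0].version, int(kv[0])))
    for ip, count in items:
        if count >= threshold:
            # inside_permitted=True means the iptables ACCEPT rule lets this
            # source reach port 22, so only log watching would catch it.
            result.append((f"sshd: {ip}", ip in net))
    return result

if __name__ == "__main__":
    for line, inside in offenders(SAMPLE_LOG):
        print(line, "(inside permitted subnet)" if inside else "(outside)")
```
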