Found, a new rootkit
Guillermo Garron
ggarron at alketech.com
Sat Apr 1 18:32:56 UTC 2006
Hi,
You can also check this
http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
actually you can use yum to install denyhosts
yum install denyhosts
and then configure it.
regards,
Guillermo.
Neil Cherry wrote:
> Rahul Sundaram wrote:
>> On Sat, 2006-04-01 at 12:56 -0500, Neil Cherry wrote:
>>> Gene Heskett wrote:
>>>> On Friday 31 March 2006 19:42, John Summerfield wrote:
>>>>> A reasonable security system would shut down the login process for a
>>>>> time after some number of consecutive failed login attempts. It's a
>>>>> rule that's been around for a long time, it's even in Linux, but
>>>>> implemented poorly.
>>>> And how does one go about turning that option on, with say a 15
>>>> minute timeout?
>>> Check out pam_abl on http://www.hexten.net/pam_abl/ (SourceForge
>>> project).
>>
>> If you want to go this route, both denyhosts and pam_abl are available
>> for Fedora Extras.
>
> I've also use a Perl script to add these IP addresses to an iptables
> list but even with summarization I had thousands of denies. So I
> only allow a select few sites to get to my ssh and the attacks have
> completely stopped. Though I will say I'm not doing this commercially.
>
More information about the fedora-list
mailing list