
Re: OT: New article: Let's block cracker using denyhosts



From: "Fajar Priyanto" <fajarpri cbn net id>

On Thursday 30 March 2006 11:24 pm, Paul Howarth wrote:
> rpm -qa | grep denyhosts
> denyhosts-2.2-1.2.fc4.rf
>
> Also the initscript is not installed too.
> That's why I set it up manually then.

That'll be because you've got the rpmforge version of the package rather
than the Fedora Extras one.

Ohhh! No wonder there were two packages when I did yum search denyhosts, and apparently when I used the yum install denyhosts, yum downloaded the rpmforge one.
denyhosts.noarch    2.2-1.2.fc4.rf         dries
denyhosts.noarch    2.0-1.fc4              extras

But, why did yum choose the rpmforge? Is it the version?
--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial

For those using REAL IPTables instead of one of the silly ShoreWall type
futilities:

===8<---
# Then set up the ssh reject trap.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
 --rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
 --rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset
===8<---

With the values present a given site gets three tries within a 120 second
interval. Once that is exceeded it is locked out until the retry count
drops below 3 in 2 minutes. This means ALL attacks get blocked. It also
means that if you screw up your password three times you can still get in
if you wait a little bit.

I tend to review the logs which show the failed login attempts. If I find
an address in a part of the world where I am VERY unlikely to find myself
I simply add that whole Asian IP block to a reject rule. But really, at
30 seconds per try how long do you think it would take to guess a user
password of "abcdefgh" when the user name is not known, either?

{^_-}
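
A small model of the three rules above, added here as an illustration and not part of the original message: it replays SYN timestamps through the `recent` match as the iptables documentation describes it (`--set` records the packet; `--rcheck --seconds 120 --hitcount 3` matches once three recorded packets fall inside the window). The addresses and timings are constructed sample data, the function names are hypothetical, and "PASS" only means the packet continues to the rest of the INPUT chain.

```python
from collections import defaultdict, deque

SECONDS = 120     # --seconds 120, from the rules in the message
HITCOUNT = 3      # --hitcount 3, from the rules in the message
MAX_STAMPS = 20   # the kernel keeps a bounded number of timestamps per address (default 20)


def simulate(syns, seconds=SECONDS, hitcount=HITCOUNT):
    """Replay (time, source) SYNs through the three rules; return a verdict per SYN."""
    table = defaultdict(lambda: deque(maxlen=MAX_STAMPS))  # models the 'sshattack' list
    verdicts = []
    for now, src in sorted(syns):
        # Rule 1: --set always records the packet and falls through (it has no -j target).
        table[src].append(now)
        # Rules 2 and 3: --rcheck matches when at least `hitcount` recorded
        # timestamps, including the one just set, lie within the last `seconds`.
        recent_hits = sum(1 for t in table[src] if now - t <= seconds)
        verdicts.append((now, src, "REJECT" if recent_hits >= hitcount else "PASS"))
    return verdicts


def summarize(verdicts):
    """Count PASS and REJECT verdicts per source address."""
    out = defaultdict(lambda: {"PASS": 0, "REJECT": 0})
    for _, src, verdict in verdicts:
        out[src][verdict] += 1
    return {src: dict(counts) for src, counts in out.items()}


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = (
    [(t, "203.0.113.7") for t in range(0, 600, 30)]     # scanner: one SYN every 30 s
    + [(t, "198.51.100.9") for t in (5, 20, 40, 400)]   # user: three quick tries, then a wait
)

if __name__ == "__main__":
    for now, src, verdict in simulate(SAMPLE):
        print(f"{now:4d}s  {src:<14} {verdict}")
    print(summarize(simulate(SAMPLE)))
```

In this model the third SYN inside the window is the first one rejected, because rule 1 has already counted it. Rejected SYNs are recorded too, so a source that keeps retrying every 30 seconds stays locked out, while one that pauses for the full window gets through again.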

