Question bruteforcing
CodeHeads
codeheads at gmail.com
Tue May 30 00:37:39 UTC 2006
On Tue, 30 May 2006 00:31:52 +0200 nightrid3r <03taxi at gmail.com> wrote:
> Op ma, 29-05-2006 te 17:03 -0500, schreef Mike C:
> > What exactly is bruteforcing and is their away to stop it in fedora
> > without useing a router or firewall box?
> >
> > Thanks for any help
> >
> bruteforcing is an atack (useualy against the root account or a known
> user name) where the attacker uses a password generator or dictionary to
> test all possible paswords.
>
> the only defence i know of is setting up your system so that iptables
> deny's the attack source after a number of failed attempts.
> Can't give further info cos i have no idea how to do it. (don't realy
> understand iptables enough to do it)
I know that there are shell scripts out there out automate putting the IP in
the hosts.deny list.
Here is something I found using google. It was the 1st hit.
http://la-samhna.de/library/brutessh.html
Remember if you use IPTables, do not check the eth0 as a trusted device. If you
do IPTables (or the firewall) is not actually working. I learned the hard
way!!! LOL
Hope this helps.
Will
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060529/dd473f24/attachment-0001.sig>
More information about the fedora-list
mailing list