am I hacked?
peter kostov
fedora at light-bg.com
Wed Apr 25 10:55:20 UTC 2007
Scott van Looy wrote:
> On Apr 22 Keith G. Robertson-Turner did spake thusly:
>
>> Verily I say unto thee, that Manuel Arostegui Ramirez spake thusly:
>>> El Domingo, 22 de Abril de 2007 02:50, Keith G. Robertson-Turner
>>> escribió:
>>
>>>> I have hundreds off ssh attacks every day. Just make sure you have a
>>>> *very* secure password (or don't forward ssh from the router).
>>>>
>>>> I also use "denyhosts" which I've found extremely useful (it's in
>>>> extras).
>>
>>> That plus some kind of app such as fail2ban to permit only like like
>>> 3 attemps
>>> of login
>>
>> Denyhosts already does that.
>>
>> I'll check out fail2ban though, it's always nice to have alternatives.
>
> iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
> recent --set
> iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
> recent --update --seconds 60 --hitcount 4 -j DROP
>
> This'll drop anything over 4 connections from an IP within 60 seconds
> - might also be of use for an SSH attack
>
Thanks, I will use this! I think this is simpler and better than
installing additional software like fail2ban, isn't it?
Peter
More information about the fedora-list
mailing list