crazy hackers and logwatch
Justin Conover
justin.conover at gmail.com
Tue Aug 9 18:13:48 UTC 2005
On 8/9/05, Brian Gaynor <briang at pmccorp.com> wrote:
> On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> > A better rule (IMHO), I use:
> >
> > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
> >
> > This has the advantage of only blocking the offending IP if they go
> > over 1/min, but letting all other ip's still have access until they go
> > over the limit.
>
> I've used similar rules for some time now and they've proven very
> effective. The only problem I've run into is with subversion over SSH,
> it generates a lot of short connections sometimes (for example when
> browsing a repository) and can look like an attack to this kind of
> block. For that reason I am interested in testing DENYHOSTS.
>
> --
> Brian Gaynor
> www.pmccorp.com
> FC4/Linux on DELL Inspiron 5160 3.0Ghz
> canis 08:55:20 up 26 min, 1
> user, load average: 0.27, 0.22,
>
>
> --
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-test-list
>
Bastards really want in.
sshd:
Authentication Failures:
root (61.185.220.46): 528 Time(s)
unknown (61.185.220.46): 221 Time(s)
mail (61.185.220.46): 2 Time(s)
mysql (61.185.220.46): 2 Time(s)
news (61.185.220.46): 2 Time(s)
adm (61.185.220.46): 1 Time(s)
apache (61.185.220.46): 1 Time(s)
bin (61.185.220.46): 1 Time(s)
ftp (61.185.220.46): 1 Time(s)
games (61.185.220.46): 1 Time(s)
ldap (61.185.220.46): 1 Time(s)
lp (61.185.220.46): 1 Time(s)
nobody (61.185.220.46): 1 Time(s)
operator (61.185.220.46): 1 Time(s)
root (201.145.24.178): 1 Time(s)
rpm (61.185.220.46): 1 Time(s)
squid (61.185.220.46): 1 Time(s)
sshd (61.185.220.46): 1 Time(s)
Invalid Users:
Unknown Account: 221 Time(s)
Bad User: root: 1 Time(s)
Sessions Opened:
justin: 1 Time(s)
More information about the fedora-test-list
mailing list