crazy hackers and logwatch

Justin Conover justin.conover at gmail.com
Tue Aug 9 18:32:27 UTC 2005


On 8/9/05, Justin Conover <justin.conover at gmail.com> wrote:
> On 8/9/05, Brian Gaynor <briang at pmccorp.com> wrote:
> > On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> > > A better rule (IMHO), I use:
> > >
> > > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
> > >
> > > This has the advantage of only blocking the offending IP if they go
> > > over 1/min, but letting all other ip's still have access until they go
> > > over the limit.
> >
> > I've used similar rules for some time now and they've proven very
> > effective. The only problem I've run into is with subversion over SSH,
> > it generates a lot of  short connections sometimes (for example when
> > browsing a repository) and can look like an attack to this kind of
> > block. For that reason I am interested in testing DENYHOSTS.
> >
> > --
> > Brian Gaynor
> > www.pmccorp.com
> > FC4/Linux on DELL Inspiron 5160 3.0Ghz
> > canis 08:55:20 up 26 min, 1
> > user, load average: 0.27, 0.22,
> >
> >
> > --
> > fedora-test-list mailing list
> > fedora-test-list at redhat.com
> > To unsubscribe:
> > http://www.redhat.com/mailman/listinfo/fedora-test-list
> >
> 
> 
> Bastards really want in.
> 
> 
> sshd:
>   Authentication Failures:
>      root (61.185.220.46): 528 Time(s)
>      unknown (61.185.220.46): 221 Time(s)
>      mail (61.185.220.46): 2 Time(s)
>      mysql (61.185.220.46): 2 Time(s)
>      news (61.185.220.46): 2 Time(s)
>      adm (61.185.220.46): 1 Time(s)
>      apache (61.185.220.46): 1 Time(s)
>      bin (61.185.220.46): 1 Time(s)
>      ftp (61.185.220.46): 1 Time(s)
>      games (61.185.220.46): 1 Time(s)
>      ldap (61.185.220.46): 1 Time(s)
>      lp (61.185.220.46): 1 Time(s)
>      nobody (61.185.220.46): 1 Time(s)
>      operator (61.185.220.46): 1 Time(s)
>      root (201.145.24.178): 1 Time(s)
>      rpm (61.185.220.46): 1 Time(s)
>      squid (61.185.220.46): 1 Time(s)
>      sshd (61.185.220.46): 1 Time(s)
>   Invalid Users:
>      Unknown Account: 221 Time(s)
>      Bad User: root: 1 Time(s)
>   Sessions Opened:
>      justin: 1 Time(s)
> 
ssh bob@<myIP>
Stay the **** off my box!  Loosers, you can't get in.  Your a bunch of
script-kiddes that suckled on your momma to long.  If you think your
talented, than use it to do real hacking, like on Open Source Linux. 
Otherwise, take your noobie cracking ass back to school!




More information about the fedora-test-list mailing list