"Terrell Prudé, Jr."
microman at cmosnetworks.com
Tue Oct 5 12:02:34 UTC 2004
Rick O'Dell wrote:
> I'm running Postfix on a k12ltsp 4.01. Log Watch for mail logs an
>unauthorized user trying to log in. It lists dozens of passwords they have
>tried. I have dumped the IP address into host deny file, but next day a new
>IP address (possibly on a dialup). My question is, what if I disable SSH or
>is this a no no??????? What are the adverse effects to me???
No problem. Just use a little iptables magic, like so:
iptables -A INPUT -i eth1 -p tcp --source w.x.y.z --destination-port 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port 22 -j DROP
This assumes that you're accessing your K12LTSP server from IP address
w.x.y.z, and that eth1 is what's touching the Internet.
Also, of course, make sure that your OpenSSH and OpenSSL are up to the
latest rev (currently 3.9p1 and 0.9.7d, respectively).
But that doesn't stop folks from making SMTP or other connections to
your mail server. I'm assuming that you're using IMAP, POP3, or SMTP
AUTH. Due to the fact that anyone from anywhere can send you email
(e.g. this list), then the best thing I can recommend is requiring strong
passwords for your users and staying up on your security patches. I
also run Postfix, in my case with SMTP AUTH. Plenty of folks are
repeatedly trying to log into my mail server (I use Courier-IMAP). I
stay up on my patch levels and enforce strong passwords. Crackers
haven't gotten in yet (knock on wood!).
Hope this helps,
Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it
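
The rule pair from the message above, generalized to several trusted addresses, as an added example that is not part of the original post. The function names are hypothetical, the addresses are constructed from the documentation ranges, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: emit the SSH allow-list rules in the order iptables needs.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for interface $1 and trusted addresses $2..$n.
# iptables acts on the first matching rule, so every ACCEPT has to be
# appended before the catch-all DROP for port 22.
ssh_allowlist_rules() {
    iface=$1; shift
    case "$iface" in
        *[!A-Za-z0-9_.-]*|'') echo "refusing: bad interface name" >&2; return 1 ;;
    esac
    # With no trusted address, the DROP alone would cut off remote SSH.
    [ "$#" -ge 1 ] || { echo "refusing: no trusted address given" >&2; return 1; }
    # Validate everything first so a bad argument never yields partial output.
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "refusing: bad address '$addr'" >&2; return 1; }
    done
    for addr in "$@"; do
        echo "iptables -A INPUT -i $iface -p tcp --source $addr --destination-port 22 -j ACCEPT"
    done
    echo "iptables -A INPUT -i $iface -p tcp --destination-port 22 -j DROP"
}

# Constructed sample input: eth1 faces the Internet, two admin workstations.
ssh_allowlist_rules eth1 192.0.2.10 198.51.100.7
```

After applying the printed commands, `iptables -L INPUT -n --line-numbers` should list the ACCEPT rules above the DROP.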