[K12OSN] OT: Break-In report
"Terrell Prudé Jr."
microman at cmosnetworks.com
Wed Jan 2 16:42:39 UTC 2008
Seconded regarding denyhosts; it is very nice. In addition, I also
allow SSH connections only from certain subnets--yes, even on the
trusted network. Kids are quite inventive, you know. Just throw up a
couple of iptables lines like this:
# Permit only 192.168.1.0/24 to SSH to us
iptables -A INPUT -i eth0 -p tcp --source 192.168.1.0/24 \
    --destination-port 22 -j ACCEPT
# Deny everything else on TCP 22
iptables -A INPUT -i eth0 -p tcp --destination-port 22 -j DROP
And you can add any other self-protection rules that you like.
Do you GNU <http://www.gnu.org>?
Microsoft Free since 2003 <http://www.cmosnetworks.com>--the ultimate
Michael Blinn wrote:
> Not true. I use and recommend the package 'denyhosts' - Nice little
> python script that daemonizes to periodically check /var/log/secure,
> adding IPs from brute-force attackers to /etc/hosts.deny, then emails
> me its actions. You can also set an auto-expire time for those blocks.
> I love it.
> Les Mikesell wrote:
>> There is quite a lot of ssh password guessing going on over the
>> internet. If you have systems with the ssh port exposed, you can
>> expect to see a few hundred attempts a day in the logs - a slow
>> enough rate that you might not notice but the attackers are probably
>> spreading their attempts over thousands of systems. There are some
>> packages that watch the logs and firewall addresses with repeated
>> failed attempts but none are included in the distribution.
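
The log-watching approach described in the quoted reply above (scan /var/log/secure for failed logins, list repeat offenders in /etc/hosts.deny, expire the blocks later), as an added example that is not part of the thread and is not DenyHosts' own code. The log lines, threshold and expiry time are constructed for illustration, and the example handles IPv4 only.

```python
import ipaddress
import re
from collections import Counter

# The user name in the log line is supplied by the remote client, so anchor on
# the end of the line and take the address from sshd's fixed tail.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failed_sources(lines):
    """Count failed SSH password attempts per valid IPv4 source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            counts[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ValueError:
            continue  # not an IPv4 literal; never write it to hosts.deny
    return counts

def update_blocks(blocks, counts, now, threshold=3, ttl=3600):
    """Drop expired blocks, then block sources at or over the threshold.
    blocks maps address -> expiry time in epoch seconds."""
    live = {ip: exp for ip, exp in blocks.items() if exp > now}
    for ip, n in counts.items():
        if n >= threshold:
            live[ip] = now + ttl
    return live

def hosts_deny(blocks):
    """Render the active blocks as /etc/hosts.deny (TCP wrappers) lines."""
    return [f"sshd: {ip}" for ip in sorted(blocks)]

# Constructed sample of /var/log/secure content (not from a real system).
# The fourth line carries a user name that itself contains " from <addr>".
SAMPLE = [
    "Jan  2 10:01:02 ltsp sshd[2101]: Failed password for root from 203.0.113.5 port 4242 ssh2",
    "Jan  2 10:01:05 ltsp sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2",
    "Jan  2 10:01:09 ltsp sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 4250 ssh2",
    "Jan  2 10:02:00 ltsp sshd[2110]: Failed password for invalid user x from 192.168.1.10 port 1 ssh2 from 198.51.100.7 port 5000 ssh2",
    "Jan  2 10:03:00 ltsp sshd[2111]: Accepted password for teacher from 192.168.1.20 port 5001 ssh2",
]

if __name__ == "__main__":
    blocks = update_blocks({}, failed_sources(SAMPLE), now=0)
    print("\n".join(hosts_deny(blocks)))
```

Only 203.0.113.5 reaches the threshold here; the address embedded in the user name on the fourth line is not counted, and the real source of that line is counted once.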