SSH2

Burke, Thomas G. tg.burke at ngc.com
Wed Apr 6 12:06:16 UTC 2005


There's a tool called portsentry that works pretty well on some of these things.  You can set up its sensitivity to certain events & it will drop (l)users into hosts.deny and also muck with your ipchains to drop anything from that source into your bit bucket, so it appears that you just fell off the earth.  Of course, the routes get reset on power cycles & so forth (or in my case, I rerun my firewall script every midnight to flush out all the rules & reload).
 
    -Tom

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Chris W. Parker
Sent: Tuesday, April 05, 2005 6:43 PM
To: General Red Hat Linux discussion list
Subject: RE: SSH2



David Tonhofer, m-plify S.A. < mailto:d.tonhofer at m-plify.com> 
    on Tuesday, April 05, 2005 1:37 PM said: 

> I don't think so, I have a few thousand attempts with various vanilla 
> users each day on each machine. Tiresome. I think SSH should tarpit 
> the connections, I have already an itch to fix the source.... 

So this happens to everyone huh? That's good to know. 

So then as long as software is up to date and strong passwords are used, 
I guess there's not much to worry about then? 

I wonder why though the firewall (iptables) doesn't automatically block 
ip addresses after say 20 failed attempts? Is this possible? 



Chris. 
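
The question that closes the thread (block a source after about 20 failed attempts) can be answered from the sshd log. The following is an added example, not code from the thread or from portsentry: it counts failures per source and prints hosts.deny entries and iptables commands without running them. It assumes OpenSSH's "Failed password for ... from ADDR port N ssh2" log line and IPv4 sources; the log lines, addresses and allowlist are constructed.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 20  # "say 20 failed attempts", the figure from the thread
# Anchor on the end of the line: the user name is chosen by the client, so a
# name containing " from 10.0.0.1 port 1" must not be read as the source.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2\s*$")

def failed_by_source(lines):
    """Count failed password attempts per IPv4 source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ValueError:
            continue  # host name or garbage: never passed on to a rule
    return counts

def sources_to_block(counts, threshold=THRESHOLD, allow=()):
    """Addresses at or over the threshold, minus an allowlist (assumed: your own admin hosts)."""
    nets = [ipaddress.ip_network(a) for a in allow]
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold
                  and not any(ipaddress.ip_address(ip) in net for net in nets))

def render(blocked):
    """hosts.deny entries and matching iptables commands (printed, not executed)."""
    deny = [f"sshd: {ip}" for ip in blocked]
    rules = [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in blocked]
    return deny, rules

def sample_log():
    """Constructed log lines in the assumed 'Failed password' format."""
    fmt = "Apr  5 13:37:{:02d} host sshd[{}]: Failed password for {} from {} port {} ssh2"
    lines = [fmt.format(i % 60, 4000 + i, "invalid user test", "203.0.113.5", 40000 + i) for i in range(25)]
    lines += [fmt.format(i, 5000 + i, "root", "198.51.100.7", 41000 + i) for i in range(3)]
    lines += [fmt.format(i % 60, 6000 + i, "tom", "192.0.2.10", 42000 + i) for i in range(30)]
    # User name crafted to look like a different source address.
    lines += [fmt.format(i % 60, 7000 + i, "invalid user x from 10.0.0.1 port 1", "203.0.113.5", 43000 + i) for i in range(20)]
    return lines

if __name__ == "__main__":
    deny, rules = render(sources_to_block(failed_by_source(sample_log()), allow=["192.0.2.0/24"]))
    print("\n".join(deny + rules))
```

The allowlist keeps a mistyped password on an admin host from locking the administrator out, and, as noted in the reply at the top of the thread, rules added this way last only until the firewall is reloaded.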
