[rhn-users] Login

Philippe B. Laval plaval at kennesaw.edu
Fri Dec 8 13:49:00 UTC 2006 

Thanks to all the suggestions I got.  I am not a security expert on systems,
but I have learned some since my system has been attacked.  Hackers usually
attack a system from other systems.  When they have been discovered
attacking from a system, they'll switch to a new one.  Therefore, the IP
addresses from which they attack are never the same.  However, they can be
spotted.  Usually, the logs will show a specific IP address either trying to
log into a single account repeatedly (meaning they are trying various
passwords) or trying various accounts (meaning the hacker is trying to find
an existing account on the machine).  I was hoping (am hoping) that there is
some software who can track this.  When a login fails, the software should
be able to determine if that IP is a legitimate user who just typed the
wrong password or somebody conducting a systematic attack of the system.
Does such a protection exist?

Thanks

 
 
Dr. Philippe B. Laval
Associate Professor of Mathematics
Kennesaw State University
1000 Chastain Road
Kennesaw, GA 30144
USA
 
office: SC 526
Phone: 770-499-3325
fax: 404-364-0552
e-mail: plaval at kennesaw.edu
web: http://science.kennesaw.edu/~plaval
 

-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On
Behalf Of Rajan Mithani
Sent: Friday, December 08, 2006 3:54 AM
To: Discussions about Red Hat Network (rhn.redhat.com)
Subject: Re: [rhn-users] Login

Hi, Rajan Mithani here...
Friends if u wann to block any perticular IP you can use IPCHAINS (
IPTABLES) which acts as a FIREWALL to block various IP Addresses
Also using IPTABLES you can restict variou outside user to access SSH,
FTP n various other services...
This is one way to allow security for outsiders..

For further contacts
Rajan Mithani
RHCE.
+91 9890312230
email: rajan(dot)mithani(at)gmail.com
          rajan.mithani at gmail.com

On 12/7/06, Simon Ball <sball at cromwells.co.uk> wrote:
> Please note that this is the RHN list. You would get a better answer on
the taroon list. See the list archive for many many instances of such
off-topic posting.
>
>
>
> ----- Original Message -----
> From: Cedric Porte <cedric.porte at fr.ibm.com>
> To: Discussions about Red Hat Network (rhn.redhat.com)
<rhn-users at redhat.com>
> Sent: Thursday, December 7, 2006 4:54:54 PM GMT+0000
> Subject: Re: [rhn-users] Login
>
>
> Hi Dr. Laval,
>
> Which protocol do you use to login ? SSH (port 22), Telnet (port 23) ?
> I think is more efficient to block access to login for everyone except for
authorized IP.
> Can you use this politic security in your environment ?
>
> Cordialement,
>
> Cédric Porte
> Web Hosting Technical Customer Manager
> PHONE: +33 4 92 11 41 77 ( TL : 36-4177)
> Email: cedric.porte at fr.ibm.com
>
>
>        "Philippe B. Laval" < plaval at kennesaw.edu >
> Sent by: rhn-users-bounces at redhat.com
>
> 07/12/2006 17:29
> Please respond to
> "Discussions about Red Hat Network (rhn.redhat.com)" <
rhn-users at redhat.com >
>
> To      "'Discussions about Red Hat Network (rhn.redhat.com)'" <
rhn-users at redhat.com >
>
> cc
>
> Subject         [rhn-users] Login
>
>
>
>
> Running Linux Es 3.0. Is there a way to configure logins so they are
rejected after a certain number of failures? I can see from my logs that
somebody has been trying to get into my system. They consistently (like
every few seconds) try to log in as a certain user. After a while, they give
up and try another user. What is the best way to handle this. I would like
to be able to set up each account so they are blocked after a certain number
of failures. I also would like to be able to block certain IP addresses
after a certain number of failed logins, even if they were for different
user names.
>
> Thanks
>
> P. Laval
>
>
>
> Dr. Philippe B. Laval
> Associate Professor of Mathematics
> Kennesaw State University
> 1000 Chastain Road
> Kennesaw, GA 30144
> USA
>
> office : SC 526
> Phone : 770-499-3325
> fax : 404-364-0552
> e-mail : plaval at kennesaw.edu
> web: http://science.kennesaw.edu/~plaval
_______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>
>
> --
> Simon Elliston Ball
> Infrastructure Manager
> Cromwell Business Systems
>
> Please consider the environment - do you really need to print this email?
>
>
> This email is sent on behalf of Cromwell Business Systems Ltd. and is
strictly confidential and intended solely for the addressee(s).  It may
contain personal and confidential information and as such may be protected
by the Data Protection Act 1998.
>
> If you are not the intended recipient of this email you must: (i) not
disclose, copy or distribute its contents to any other person nor use its
contents in any way or you may be acting unlawfully;  (ii) contact Cromwell
Business Systems immediately on +44 (0)1353 650900 quoting the name of the
sender and the addressee then delete it from your system.
>
> Any views or opinions expressed within this email are those of the author,
and do not necessarily represent those of Cromwell Business Systems.
>
> Cromwell Business Systems have scanned this email for viruses but does not
accept any responsibility once this email has been transmitted.  You should
scan attachments (if any) for viruses.
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>

_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users

More information about the rhn-users mailing list