[kwlug-disc] server compromised
L.D. Paniak
ldpaniak at fourpisolutions.com
Thu May 14 12:04:17 EDT 2009
john at netdirect.ca wrote:
>
> Password dictionary attacks are common on SSH ports, just check the logs
> of any system with ssh exposed to the Internet. We have put throttling
> in place to tarpit these attacks and reduce the impact on our logs.
> IPTables can be used for it but the rules are a little complicated and
> can impact how you interact as well. The throttling works like this: if
> an IP address connects more than x times in y minutes then block access
> by this user for z minutes. Be careful not to choose too small of a
> number for x/y or you'll lock yourself out. Don't forget automated SSH
> connections.
>
DenyHosts (http://denyhosts.sourceforge.net/index.html) trolls auth.log
looking for excessive activity and then can lock suspicious remote users
out. You do have to be careful not to lock yourself out...