Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-22 Thread Derek Ragona
At 12:38 PM 8/21/2008, Mikhail Teterin wrote: Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-22 Thread Mike Tancsa
At 04:37 PM 8/21/2008, Brooks Davis wrote: On Thu, Aug 21, 2008 at 10:10:42PM +0200, Rink Springer wrote: On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote: Finally, consider moving to pf instead, if you really feel ipfw is what's causing your machine to crash. You might be

machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Mikhail Teterin
Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread David Wolfskill
On Thu, Aug 21, 2008 at 01:38:38PM -0400, Mikhail Teterin wrote: ... I wrote an awk-script, which adds a block of the attacking IP-address to the ipfw-rules after three such invalid user attempts with: ipfw add 550 deny ip from ip The script is fed by syslogd directly -- through a

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Kevin Oberman
Date: Thu, 21 Aug 2008 13:38:38 -0400 From: Mikhail Teterin [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17

feeding log-messages (Re: machine hangs on occasion - correlated with ssh break-in attempts)

2008-08-21 Thread Mikhail Teterin
David Wolfskill wrote: While the amount of work involved was assuredly greater in that case than in yours, those of us who were actually building and running the relays in question were very unsurprised when Postfix performance improved significantly following a redesign of the

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Mikhail Teterin
Neil Neely wrote: I haven't explored this issue enough to speak with any authority - but once upon a time I had an app doing tons of ipfw rule add/removes all the time and we had no end of performance and stability problems on that box (this would have been in 4.x or so timeline I

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Christian Laursen
Mikhail Teterin [EMAIL PROTECTED] writes: A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Neil Neely
I haven't explored this issue enough to speak with any authority - but once upon a time I had an app doing tons of ipfw rule add/removes all the time and we had no end of performance and stability problems on that box (this would have been in 4.x or so timeline I expect). As that

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Jeremy Chadwick
On Thu, Aug 21, 2008 at 01:38:38PM -0400, Mikhail Teterin wrote: Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Eugene Butusov
Mikhail Teterin writes: Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Rink Springer
On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote: Finally, consider moving to pf instead, if you really feel ipfw is what's causing your machine to crash. You might be pleasantly surprised by the syntax, and overall administrative usability (it is significantly superior to

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Mikhail Teterin
Jeremy Chadwick wrote: The above looks like sshguard. Yes, several people have pointed this out. Thanks! I've personally never trusted something that *automatically* adjusts firewall rules based on data read from text logs or packets coming in off the Internet. The risks involved are

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Brooks Davis
On Thu, Aug 21, 2008 at 10:10:42PM +0200, Rink Springer wrote: On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote: Finally, consider moving to pf instead, if you really feel ipfw is what's causing your machine to crash. You might be pleasantly surprised by the syntax, and

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Julian Elischer
Kevin Oberman wrote: Date: Thu, 21 Aug 2008 13:38:38 -0400 From: Mikhail Teterin [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Michael Butler
I do something related to this with fwlogwatch although it can probably be adapted to any similar tool; when I hit the 'block' threshold, I execute something like: #!/bin/sh HR=`date +%-k` /sbin/ipfw table 0 add $3 ${HR} .. so each entry has a tag indicating the hour at which the block was

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Mikhail Teterin
Ross Wheeler wrote: I overcame these conflicting requirements with a 2-step process. The authorised user first browsed to a website which asked their username and password. When entered correctly, it opened a hole in the firewall to allow that IP to their network. A timer ran every 15

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Ross Wheeler
On Thu, 21 Aug 2008, Mikhail Teterin wrote: Surely you don't have that many users who SSH into the NAT router from random public IPs all over the world, rather than via the LAN? Surely if you yourself often SSH into your NAT router from a Blackberry device, that you wouldn't have much of a

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Dewayne Geraghty
There are many excellent suggestions on how to deal with invalid/unauthorised access attempts via ssh. I'd used sshguard for around 8 months but recently changed to bruteblock, both are in the ports/security. sshguard was very easy to configure, via rc.conf arguments. Bruteblock handled

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Norberto Meijome
On Thu, 21 Aug 2008 13:03:09 -0700 Jeremy Chadwick [EMAIL PROTECTED] wrote: A different approach: consider putting sshd on a different port, rather than the default of 22. A lot of people I know do this, solely to decrease the number of brute-force attempts you see above; I've never seen any

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread Norberto Meijome
On Thu, 21 Aug 2008 16:28:05 -0400 Mikhail Teterin [EMAIL PROTECTED] wrote: Myself -- and the owner of the box -- travel quite a bit, ssh-ing home from anywhere in the world. why not setup a SSL-based vpn ? lock everything down except the port of the vpn. try openvpn. Although we could, I