Re: [gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-28 Thread Etaoin Shrdlu
On Wednesday 27 February 2008, Remy Blank wrote: Steve wrote: I'm one of the (many) people who have opportunists trying usernames and passwords against SSH... while every effort has been made to secure this service by configuration; strong passwords; no root login remotely etc. I would

Re: [gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-28 Thread Steve
Thanks for all your suggestions... I will look into fail2ban... that might be what I need... While I could crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this (AFAIK) will not persist blocks when the server is powered down or rebooted. I need to retain port 22 and can't

Re: [gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-28 Thread Willie Wong
On Thu, Feb 28, 2008 at 11:13:10AM +, Penguin Lover Steve squawked: Thanks for all your suggestions... I will look into fail2ban... that might be what I need... While I could crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this (AFAIK) will not persist blocks when

Re: [gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-28 Thread Willie Wong
On Wed, Feb 27, 2008 at 10:39:15PM +0100, Penguin Lover Anno v. Heimburg squawked: It limits the number of new connections on each port in INPUT_LIMITER_TCPPORTS from any individual host to INPUT_LIMITER_COUNT within INPUT_LIMITER_TIME. My experience suggests that finding the right

[gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-27 Thread 7v5w7go9ub0o
Steve wrote: I can't believe that I'm the only person with this, so it's probably worth asking. I'm one of the (many) people who have opportunists trying usernames and passwords against SSH... while every effort has been made to secure this service by configuration; strong passwords; no root

[gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-27 Thread 7v5w7go9ub0o
Sorry here's the link I should have posted: http://www.cipherdyne.org/fwknop/

[gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-27 Thread Remy Blank
Steve wrote: I'm one of the (many) people who have opportunists trying usernames and passwords against SSH... while every effort has been made to secure this service by configuration; strong passwords; no root login remotely etc. I would still prefer to block sites using obvious dictionary

[gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-27 Thread Anno v. Heimburg
Justin wrote: Try fail2ban Alternatively, you can use the builtin iptables connection rate limiter. Excerpt from my home-grown firewall script: for port in $INPUT_LIMITER_TCPPORTS; do $IPT_IN -p tcp --dport $port -m state --state NEW -m \ recent --name limit-${port}

Re: [gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-27 Thread Iain Buchanan
On Wed, 2008-02-27 at 21:24 +0100, Remy Blank wrote: A simple solution is to run sshd on a non-standard, high-numbered port, e.g. in the 30'000. Bots only ever try to connect on port 22. This will *not* improve the protection of your server, but it will avoid having your logs spammed.