I've been using fail2ban to deal with remote brute force attacks and it works like a charm... So far anyway :-)
On Fri, Dec 2, 2011 at 5:34 PM, Andrew J. Kopciuch <[email protected]> wrote:

> On December 2, 2011, Royce Souther wrote:
> > If you watch TechSNAP it has more information.
> >
> > http://www.jupiterbroadcasting.com/14561/allans-zfs-server-build-techsnap-34/
> >
> > PKI may not be enough, I am thinking that port knocking to restrict access
> > to port 22 is a good idea now.
>
> I believe the exploits were not 0-day, but rather a brute force attack using
> the root account.
>
> As Gustin pointed out, the versions were very very old, and should have been
> patched. Additionally setting "PermitRootLogin no" in sshd_config would
> have been a good thing.
>
> Also, some sort of HIDS like ossec (http://www.ossec.net). It has an
> active-response which will block the IPs using iptables from brute force
> attacks detected.
>
> Andy
>
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying

--
One thing you can be sure of. If you throw a loaded gun in a monkey cage, something bad is going to happen.

