On Saturday, October 15, 2011 06:13:02 PM Jon Elson did opine:

> gene heskett wrote:
> > I'll second those sentiments, Kent. I hope the logs are being kept
> > for forensic purposes. Tracing the src IP could well be
> > enlightening.
>
> Normally the hackers use other hacked-into computers, and don't leave
> traces of their original computer. They may use several layers of
> botnets to make it quite hard to trace their original IP.

All too likely to be true.

> One thing I have found to be really helpful (after securing all servers
> on the machine) is to use the denyhosts program, that watches for
> failed login attempts and then adds the source IP to the hosts.deny
> list. This uses one list for all modes of access, all account names
> (valid and not). If you set this to a fairly tight setting, such as
> 3 login failures from the same IP in a month gets you kicked off for
> a year, it makes it very hard for even large botnets to have any
> possibility of cracking a decent password.
>
> Haven't had any break-ins in a long time, and all the professionals have
> given up when they probe my system and find out how tight I have the
> security set.
>
> Jon

I have a Netgear router doing NAT, and am using fail2ban, which works similarly but with a shorter recovery by default. fail2ban has not been tripped in the year since I installed it. That faint knocking sound? It's me, knocking on my head as a substitute for wood. ;-)

However, traffic seems to have come to a halt since I lost my web page's DNS entry at DynDns. Some damned squatter grabbed it instantly. I have visions of a length of rope, a tall oak tree and a shovel. :(

Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)

"Life and death are seldom logical."
"But attaining a desired goal always is."
-- McCoy and Spock, "The Galileo Seven", stardate 2821.7
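The policy Jon describes (3 failures from one IP within a month, blocked for a year, valid and invalid account names counted alike), as an added Python example that is not part of the original message and is not denyhosts' or fail2ban's own code. The ISO-timestamped log lines are constructed, and the names `scan` and `hosts_deny` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 3                  # failures from one IP ...
WINDOW = timedelta(days=30)    # ... within a month ...
BAN = timedelta(days=365)      # ... block it for a year

# The user name is attacker-chosen, so take the address from the END of the
# line; a name containing " from 192.0.2.1" must not pick who gets blocked.
FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

# Constructed sample log (simplified timestamp format, documentation addresses).
SAMPLE_LOG = """\
2011-08-01T01:00:00 sshd[700]: Failed password for root from 192.0.2.77 port 3001 ssh2
2011-09-15T01:00:00 sshd[701]: Failed password for root from 192.0.2.77 port 3002 ssh2
2011-10-01T03:12:07 sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 4021 ssh2
2011-10-03T11:40:55 sshd[902]: Failed password for root from 203.0.113.9 port 4388 ssh2
2011-10-09T23:01:30 sshd[977]: Failed password for jon from 203.0.113.9 port 5120 ssh2
2011-10-10T08:00:00 sshd[990]: Failed password for jon from 198.51.100.4 port 6001 ssh2
2011-10-10T08:00:20 sshd[990]: Accepted password for jon from 198.51.100.4 port 6001 ssh2
2011-10-12T01:00:00 sshd[995]: Failed password for root from 192.0.2.77 port 3003 ssh2
"""

def scan(log_text):
    """Return {ip: ban_expiry} for IPs reaching THRESHOLD failures inside WINDOW."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned and ts < banned[ip]:
            continue              # already blocked, nothing to count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW: # forget failures older than a month
            q.popleft()
        if len(q) >= THRESHOLD:
            banned[ip] = ts + BAN
            q.clear()
    return banned

def hosts_deny(banned):
    """One entry per blocked IP, covering all services (TCP wrappers syntax)."""
    return [f"ALL: {ip}" for ip in sorted(banned)]
```

In the sample, 192.0.2.77 fails three times but never three times inside one 30-day window, and 198.51.100.4 mistypes once before logging in, so only 203.0.113.9 ends up on the list.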