I've also used fail2ban as a tool to slow down the rate of bad login attempts. The general idea is that after n attempts you stop accepting any attempts from that IP for a configurable amount of time. I'll usually take about 3 or 4 tries before shutting down attempts from that IP for 10 hours or so. With an occasional typing error on my part or accidental numlock on, I need at least two and sometimes three attempts if I don't want to lock myself out for 10 hours. :-)
Even using well-known ports, failed login attempts go down from hundreds a day to a handful.

Ian Shields Ph.D.
Linux Technologist, ISV & Developer Relations
IBM Corp
Research Triangle Park, NC
ishie...@us.ibm.com

lpi-examdev-boun...@lpi.org wrote on 04/04/2010 08:23:50 AM:

> Re: [lpi-examdev] lpi-examdev Digest, Vol 36, Issue 1
>
> David Nuttall
> to: lpi-examdev
> 04/04/2010 08:30 AM
> Sent by: lpi-examdev-boun...@lpi.org
> Please respond to "This is the lpi-examdev mailing list."
>
> How about "Opening a well-known port in the firewall to a server, just in case." There was a time I remember that I was asked to open the SSH port on the firewall to forward to one of our servers. The next day, the SSH log was full of bogus log-in attempts. Was I ever glad that I enforced a policy that only those accounts that actually needed a password got one (otherwise invalid log-in) and root is not allowed to login over SSH.
>
> The firewall should only allow packets behind it to fully protected servers. Ports for internal use from the outside should be to way-out-there addresses that the NAT gets locked out from using (e.g. 25000 - 26000), that then map to the well-known ports on the internal server. The only exception to this is if the software used to access the server will not operate on the much higher port.
>
> David Nuttall, Computer Specialist
> Nuttall Computer Consulting
> danutt...@rocketmail.com
_______________________________________________
lpi-examdev mailing list
lpi-examdev@lpi.org
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
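The fail2ban behaviour Ian describes above (n failed attempts from one IP, then a ban for a configured time) as an added Python example; it is not part of the original thread or of fail2ban itself. The log lines are constructed, the epoch-second prefix on each line is an assumption made to keep the parser short, and the class and function names are hypothetical (the parameter names borrow fail2ban's maxretry/findtime/bantime jail vocabulary).

```python
import re
from collections import defaultdict, deque

# Constructed sshd-style log lines (not real data); an epoch-second
# timestamp is prepended to each line to keep the parser simple.
SAMPLE_LOG = """\
100 sshd[1]: Failed password for invalid user admin from 203.0.113.5 port 4000 ssh2
130 sshd[1]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
160 sshd[1]: Failed password for root from 203.0.113.5 port 4002 ssh2
200 sshd[1]: Failed password for alice from 198.51.100.7 port 5000 ssh2
900 sshd[1]: Failed password for alice from 198.51.100.7 port 5001 ssh2
1000 sshd[1]: Accepted publickey for alice from 198.51.100.7 port 5002 ssh2
"""
FAILED_RE = re.compile(r"^(\d+) sshd\[\d+\]: Failed password for .* from (\S+) port")

class FailBanner:
    """fail2ban-style jail: maxretry failures within findtime seconds
    ban the source IP for bantime seconds (defaults mirror the post)."""
    def __init__(self, maxretry=3, findtime=600, bantime=10 * 3600):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> epoch second the ban expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, -1) > now

    def observe(self, line):
        """Feed one log line; return the IP if this line triggers a new ban."""
        m = FAILED_RE.match(line)
        if not m:
            return None  # successful logins and unrelated lines are ignored
        now, ip = int(m.group(1)), m.group(2)
        if self.is_banned(ip, now):
            return None  # already blocked at the firewall; nothing new to do
        window = self.failures[ip]
        window.append(now)
        while window and now - window[0] > self.findtime:
            window.popleft()  # forget failures older than the findtime window
        if len(window) >= self.maxretry:
            self.banned_until[ip] = now + self.bantime
            window.clear()
            return ip
        return None

def run(log=SAMPLE_LOG, **kw):
    """Process every line of the log; return {banned_ip: ban_expiry_epoch}."""
    banner = FailBanner(**kw)
    for line in log.splitlines():
        banner.observe(line)
    return dict(banner.banned_until)
```

With the defaults, the first source is banned on its third failure inside the window, while the second source's two failures are 700 seconds apart and so never accumulate; raising findtime or lowering maxretry changes that, which is the trade-off Ian describes between catching scanners and locking yourself out after a typo.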