On Sunday 19 September 2004 01:13 am, Vladimir Paskov wrote:
> ÐÐÑÐÐÐÐÑÐ ÐÑÑÐÐ, ÐÐÐÑÐÐÐÐÐÐÐÐ ÐÑÐÐÐÑ 
> ÐÐÐÐÐÐÐÐ ÐÐ ÐÐÐÐÐÐÑÐ ÐÐ ÑÐÐÐÑÐÐÑÐ
> ÐÐ ÐÐÑÐÐÐ Ð Ð
> /var/log/messages ÑÐ ÐÐÑÑÐÐÐÑ ÐÐ ÑÐÐÐÐÐÑÐ:
>

[cut]

> 221.0.193.23 port 44967 ssh2
> Sep 18 23:59:23 xpman sshd[5581]: Invalid user test from 221.0.193.23
> Sep 18 23:59:23 xpman sshd[5581]: Failed password for invalid user test from 221.0.193.23 port 45045 ssh2
>
> ÐÑÐÐÐÐÐÐÐÐÐ, ÑÐ ÐÑÐÐÐ Ð ÐÑÐÐÐÐ ÐÐÐÑÐ ÐÐ ÐÐÐÐÐ 
> Ð ÐÐÑÐÐÐÑÐ ÐÐ,ÐÐÐ ÐÐÑÑÐ
> ÐÑÐÐ? ÐÐÑÑÐÐÐ ÐÐ ÐÐÐÐÐÐ ÐÐ ÐÐÐÐÐ ÐÐÐ ÐÐ ÐÑÐÑÐÑ 
> Ð ÐÐÐÐÑÑÐÐÐÐ ÐÐÐ ÐÐ ÑÐ
> ÐÐÐÐÑ.
>
> ÐÐÐÐÐÐÐÑÑ ÐÑÐÐÐÐÑÐÑÐÐÐÐ ÐÐ ÐÑÐÐÐÐÑÐÑÐ.

ÐÐ ÐÐÑÐ ÐÐÐÐÐÐÐ ÐÐÑÐÑ ÐÐÐÑÐ ÐÐÑÐÐÐ ÐÐÑÐÐÑÐ.

ÐÐÐÑÐÐÐ ÐÑÐÐ ÑÐ - ÐÑÐÐÐ Ð ÐÑÐÐÐÐ ÐÐÐÑÐ ÐÐ ÐÐÐÐÐ 
Ð ÐÐÑÐÐÐÑÐ ÑÐ. ÐÐÑÐÑ
ÑÐ ÐÐÑÐ ÐÐÐÐÑÐ ÐÐ ÐÐÐÐÐ ÐÐÐ ÐÑÐÑÐÑ ÑÐÐÐ ÑÐ ÑÐÐÐ 
ÑÐÑÑ ÑÐ Ñ ÐÑÐÐÑÑÐÐ.

ÐÐÐÑÐ Ð ÐÑÐÐÐÐÐÐÐÐÑ ÐÐÐ ÐÐ ÑÐ ÐÐÐÐÐÑ, ÐÐÐ ÐÑ ÐÐÐ 
ÐÐ ÑÐÐÑÑÑÐ. ÐÑÐ ÐÐ
ÐÐÐÑÐ 2 ÑÑ. ÐÑÐÐÐÐÐÐÑÑÐÑÐ ÐÐ PubkeyAuthentication Ð SSL over 
SSH,
ÐÐÐÐÐÐÐÑÐÐÐ Ñ ÐÐÐÐÐÐÑÐÐ firewall policy ÑÐ ÐÐÑÐÐÐÐÐÐÐ 
 ÐÐÐÑÑ ÐÐÑÐÐÐÑ.

ÐÐÑÑÐÐ ÑÐ ÐÐÐÑÐ ÐÐ ÐÑÐÐÑ ÐÐÐ ÐÐ ÐÐÐÑÐÐÑ ÐÑÐÑÐÐ 
ÐÑÐÐÐ/ÑÐÑÑÐÐÐ ÐÐÐÑÐ
ÑÐ ÐÐÐÑ ÐÐÑÑÑÐ ÐÐ ÐÐÐ ÐÐÐ ÑÐ service ÐÐÐ ÐÑÐÐÐ. 
ÐÐÐÐÐ ÐÑÐÐÐÑ ÑÐÐÐÐÐ?
ÐÐÐÐÑÑ ÐÐÑÑÐ ÐÐ ÐÐÐÑÐÐÐÐÑÐÐÐ ÐÐ ÐÐÐÑÐ ÑÐÑÑÐ SSH? 
ÐÐ ÐÐ ÑÐÐÑÑÐÑÐÑ
ÐÑÐÐÑÐ? ÐÐÐÐ ÐÐÐÑÐÐ ÐÐÐÐ false sense of security Ð ÐÑÐÑÐÐÐ 
ÑÐÐÐ ÑÐ 
ÐÑÐÐÑÐÐÑÐÐ ÐÐÑÐÐÐ. ÐÐÐ Ð ÐÐ ÐÐÐÑÐ ÐÑÐÐÐÐÐÐÑÑÐ. 
ÐÐÐÐÑ ÐÐ ÐÐÐÐÐÐÑ
port knocking (ÐÐ ÑÑÐ ÐÑÐÐÐÐÐ ÐÐÐÐÐÐÐ) ÐÐÐÑÐ Ð ÑÐÐÐÐÐÑ 
workaround.

ÐÐ ÐÑÐÐÐÐÐ ÑÐ ÐÑÑÐÐÐ SSH ÐÐ ÐÐÑÐÐ ÐÐÑÑ (53291), 
ÑÐÐÐÑÐÑ Ñ keys, 
ÐÐÐÑÐÐ ÑÐ ÐÐÐ ÑÑÐÑ ÐÐÐÐ ÐÐ ÑÐ ÐÐÐÐÐ Ð Ñ.Ð.  ÐÑÐ 
ÐÑÐ ÐÐÐÐÑ ÐÐ 
ÑÐÐÑÑÐÑÐÑ ÐÐÑÑÐ Ð ÑÑÑÐÐÑÐÐÐÐÐÐ ÐÐ ÐÐÐÐÑ ÐÐÑÑÑÐ 
ÐÐ ÐÐÐÑÐÐÐ ÑÐÑÐ 
(ÑÐÑÐ) ÐÐ ÑÐÐÐÐÐÑ ÐÐÑÐÐ:

[server]

iptables -t filter -I INPUT -i $EXT_IFACE -p tcp -d $EXT_ADDR \
    --dport 53291 --sport 23 -j ACCEPT

Ð ÐÐÑÐ ÐÐÐÐÐ ÐÑÑÐÐÑ ÑÐÑÐÑÐ ÐÐÐÑÐ ÑÐ ÑÑÑÐÐÐÑ ÐÐ 
SSH ÐÑÐ ÐÐÑÐÑÐÐ ÐÐÐÐÐÐÐ
ÑÐÑÑ ÐÐÑÑ 23 (ÐÐÐ ÐÑÑÐ). ÐÑÐÐÐÐÐÐÑÑÑÐ ÐÐ ÑÐ 
ÐÐÐÑÑÐÐ ÐÐÐÐÐÐÐÑÐÑÑÐ ÐÑ 2-ÑÐ
ÐÐÑÑÐ Ð ÐÐÑÑÐ ÐÐÑÐÐÐÐ.

[client]

iptables -t nat -I POSTROUTING -s $EXT_ADDR -d $TARGET_SRV -o $EXT_IFACE \
    -p tcp --dport 53291 -j SNAT --to-source $EXT_ADDR:23

Ð ÑÐÐÐ ÐÐÐÐÐÑ ÑÑÐÑÐÐÑÑ ÐÑÐ SSH ÑÑÑÐÑÑÐ ÐÐ ÐÐÐÐÐÐ 
Ñ ÐÐÑÑ 23.
ÐÑÐÐÐÑÐÐ ÑÑÐ ÑÐ ÑÐÐÐ ÐÐÑÐÑÐÑ ÐÐÐ ÑÐÐÐÑÐ 
ÑÐÐÐÐÑÑÐ, ÐÐ Ð ÐÑÐÑÑÐ ÑÐÐÐÐÐ.

Ð ÑÑÑÐÑÑ ÐÐÐÑÐÐÑÑ, ÐÐ ÐÑÐÐÐ ÐÐ ÑÐ ÑÐÑÐÐ ÐÐÐÐÐ 
ÑÐÑÐ ÐÑÐ ÐÑÐ ÐÑÑÐÐÑ
ÑÑÐÑÐÐ ÑÑÑ ÑÐÑÑ ÐÐÑÑ 53 ÐÐ 0/0, 'ÐÐÑÐÑÐ DNS-Ð ÐÑÐÐÐ 
ÐÐ ÐÐÐÐ ÐÐ ÐÑÐÐÐ
ÐÐÐÐÐÐÐ ÑÑÐÐÑÑÐÑ ÐÐÐÑÐ' :) 

ÐÑÐÑÑÐÐ ÑÐÐÐÐÑÐÐÐ.
Ð.

Ð.Ð. ÐÐÐ ÑÐ ÑÐÑÐÐ ÐÐ ÑÐ ÐÐÐÑÐÐÐÑÐÐÐÑ ÐÐÐ ÐÐ 
ÐÐÐÐÑ ÐÐÑÑÑÐ ÐÑ ÐÑÐÐÐÐÐÐÐÐ
ÐÐÑÐÑÐÐÑÐ ÐÐ ÑÑÐÐ ÐÑÐÐÐ (ÐÐÐÐ ÑÐ ÑÑÑ 
ÑÐÑÑÐÑÐÐÐÑÐ, pre-shared secrets, etc), 
ÑÐÐÐÐÐÐÐÐ SonicWall/GlobalVPN; IPSec (roadwarrior).

-- 
:wq
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================