Re: brute force ssh login attempts and how to Disrupt them
On 2006-11-16 23:26:34, Hans du Plooy wrote:
> On Thu, 2006-11-16 at 06:25 -0600, Martin McCormick wrote:
> > I haven't created anything similar for Linux yet or I
> > would be happy to let folks try it out.
>
> http://denyhosts.sourceforge.net/ Should sort it out.
>
> In addition it's always a good idea to disable root login. On one

Bah! - What about using md5-Passwords and then really long?

I have patched my "sshd" and it prints out a list of all wrong
passwords. I have now around 2800 collected in 4 years.

They try brute-force several 1000 times every day and.

Thanks, Greetings and nice Day
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: brute force ssh login attempts and how to Disrupt them
I think that the best solution in this situation would be the knockd daemon.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of s. keeling
> Sent: Friday, November 17, 2006 7:50 AM
> To: debian-user@lists.debian.org
> Subject: Re: brute force ssh login attempts and how to Disrupt them
>
> Martin McCormick <[EMAIL PROTECTED]>:
> > One day, I noticed one of those attacks starting. What
>
> Much simpler:
>
> % /etc/init.d/ssh stop
>
> sshd is only necessary to ssh *in* to the box. If you've so far
> managed to remain ignorant of the sshd attacks going on, you might
> need to reconsider whether you ought to be running sshd at all. This
> is not new News.
Re: brute force ssh login attempts and how to Disrupt them
Martin McCormick <[EMAIL PROTECTED]>:
> One day, I noticed one of those attacks starting. What

Much simpler:

    % /etc/init.d/ssh stop

sshd is only necessary to ssh *in* to the box. If you've so far
managed to remain ignorant of the sshd attacks going on, you might
need to reconsider whether you ought to be running sshd at all. This
is not new News.

--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling          Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html    Please, don't Cc: me.
Spammers! http://www.spots.ab.ca/~keeling/emails.html
Re: brute force ssh login attempts and how to Disrupt them
On Thu, Nov 16, 2006 at 23:26:34 +0200, Hans du Plooy wrote:
>
> If you ssh in from a static IP, you can always just put an iptable rule
> in to allow ssh connections only from your IP. Unfortunately I'm on
> dynamic, so I can't do that.

You can use knockd to open a port to allow access from a dynamic IP.

http://www.zeroflux.org/knock/

--
David Hart <[EMAIL PROTECTED]>
Re: brute force ssh login attempts and how to Disrupt them
In Linux, you can use iptables with the recent module.

--
John L. Fjellstad
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes
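
An added example, not part of the original message: one way to use the `recent` match suggested above is to count new connections to sshd per source address and drop a source that opens too many in a short window. The chain name `SSH_LIMIT`, the list name `sshd` and the default thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore fragment that rate-limits NEW connections to
# sshd per source address with the "recent" match.
# SSH_LIMIT (chain) and sshd (list name) are illustrative names.

ssh_ratelimit_rules() {     # usage: ssh_ratelimit_rules [PORT] [SECONDS] [HITCOUNT]
    port=${1:-22} seconds=${2:-60} hitcount=${3:-4}
    for n in "$port" "$seconds" "$hitcount"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 2 ;;
        esac
    done
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    # The recent module remembers ip_pkt_list_tot timestamps per address
    # (default 20); a larger --hitcount is rejected when the rule loads.
    if [ "$hitcount" -lt 1 ] || [ "$hitcount" -gt 20 ]; then
        echo "hitcount must be between 1 and 20" >&2; return 2
    fi
    cat <<EOF
*filter
:SSH_LIMIT - [0:0]
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_LIMIT
-A SSH_LIMIT -m recent --name sshd --update --seconds $seconds --hitcount $hitcount -j DROP
-A SSH_LIMIT -m recent --name sshd --set -j ACCEPT
COMMIT
EOF
}

# Print the fragment for port 22: a source that already has 4 new
# connections recorded within 60 seconds is dropped.
ssh_ratelimit_rules 22 60 4
```

The fragment can be loaded as root with `iptables-restore --noflush`. Because the jump is appended to `INPUT`, any earlier rule that already accepts the port will match first and bypass the limit.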
Re: brute force ssh login attempts and how to Disrupt them
On Thu, 2006-11-16 at 06:25 -0600, Martin McCormick wrote:
> I haven't created anything similar for Linux yet or I
> would be happy to let folks try it out.

http://denyhosts.sourceforge.net/ Should sort it out.

In addition it's always a good idea to disable root login. On one
server that was getting hit pretty hard with both dictionary and brute
force attacks, I even restricted login to one user (me) with key login.

If you ssh in from a static IP, you can always just put an iptable rule
in to allow ssh connections only from your IP. Unfortunately I'm on
dynamic, so I can't do that.

Hans
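
An added example, not part of the original message: a small check that an `sshd_config` really states the three measures described above (no root login, key login only, logins limited to named users). The sample configuration and the user name `alice` are constructed; the check reads only the global section of the file, before any `Match` block.

```shell
#!/bin/sh
# sshd reads keywords case-insensitively and, for single-valued keywords,
# keeps the FIRST value it sees, so a later "PermitRootLogin no" does not
# override an earlier "yes".

sshd_effective() {          # usage: sshd_effective KEYWORD FILE
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        { sub(/=/, " ") }                  # accept the "Keyword=value" form
        tolower($1) == "match" { exit }    # global section only
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

audit_sshd_config() {       # prints findings; exit status = number of findings
    file=$1 findings=0
    root=$(sshd_effective PermitRootLogin "$file" | tr 'A-Z' 'a-z')
    pass=$(sshd_effective PasswordAuthentication "$file" | tr 'A-Z' 'a-z')
    users=$(sshd_effective AllowUsers "$file")
    # Unset keywords are reported too: the file should state the policy
    # itself instead of relying on version-dependent defaults.
    if [ "$root" != no ]; then
        echo "PermitRootLogin is '${root:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ "$pass" != no ]; then
        echo "PasswordAuthentication is '${pass:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ -z "$users" ]; then
        echo "AllowUsers is unset: every account that can authenticate may log in"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: it looks hardened further down, but the first
# PermitRootLogin line is the one sshd honours.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, not a real host's configuration
PermitRootLogin yes
PasswordAuthentication no
permitrootlogin no
AllowUsers alice
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```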
Re: brute force ssh login attempts and how to Disrupt them
thus spoke Martin McCormick <[EMAIL PROTECTED]> [2006.11.16.1325 +0100]:
> I haven't created anything similar for Linux yet or I
> would be happy to let folks try it out.

Check out the fail2ban package.

--
Please do not send copies of list mail to me; I read the list!

 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-     Debian - when you have better things to do than fixing systems

"micro$oft productivity software"
  - see reductio ad absurdum, conclusions.