On Tue, 5 Apr 2011, rrich...@blythe.org wrote:
1) Move sshd to another port, one higher than 5000
I'd have mixed feelings about the Wisdom of running on a non-reserved port.
jh
___
CentOS mailing list
CentOS@centos.org
On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien j.h.hodr...@leeds.ac.uk wrote:
On Tue, 5 Apr 2011, rrich...@blythe.org wrote:
1) Move sshd to another port, one higher than 5000
I'd have mixed feelings about the Wisdom of running on a non-reserved port.
Why,
We've been running SSH on
On Tue, 5 Apr 2011, Rudi Ahlers wrote:
Why,
We've been running SSH on hundreds of servers on a port higher than
5000 for year now and no problems at all.
I always feel slightly ickie about running services on ports normal users can
run on (this obviously depends a lot on who can run
On Tuesday 05 April 2011 11:27:49 Rudi Ahlers wrote:
On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien j.h.hodr...@leeds.ac.uk
wrote:
On Tue, 5 Apr 2011, rrich...@blythe.org wrote:
1) Move sshd to another port, one higher than 5000
I'd have mixed feelings about the Wisdom of running on a
Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite
useful, actually only things like that have good impact on the bruteforce attempts.
Indeed! I run
Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the
only client mail protocols we support). It's
On Tue, Apr 5, 2011 at 5:51 PM, rrich...@blythe.org wrote:
Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite
useful, actually only things like that have good impact on the bruteforce attempts.
Indeed! I run
Fail2Ban not only against SSH, but against SMTP/AUTH
rrich...@blythe.org wrote:
Indeed! I run
Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the
only client mail protocols we support). It's amazing how many dictionary
attacks take place against SMTP by persistent spammers! Besides the effect
against dictionary attacks, it
On Apr 5, 2011, at 11:46 PM, Ljubomir Ljubojevic wrote:
rrich...@blythe.org wrote:
Indeed! I run
Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the
only client mail protocols we support). It's amazing how many dictionary
attacks take place against SMTP by persistent
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH
On 04/04/11 11:18, Rainer Traut wrote:
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW
On Monday 04 April 2011 12:18:43 Rainer Traut wrote:
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m
Am 04.04.2011 12:34, schrieb Marian Marinov:
How is it possible for an attacker to try to logon more than 4 times?
Can the attacker do this with only one TCP/IP connection without
establishing a new one?
Or have the scripts been adapted to this?
The attackers are not trying constantly.. Just
Am Montag, den 04.04.2011, 15:07 +0200 schrieb Rainer Traut:
Am 04.04.2011 12:34, schrieb Marian Marinov:
How is it possible for an attacker to try to logon more than 4 times?
Can the attacker do this with only one TCP/IP connection without
establishing a new one?
Or have the scripts been
On 04/04/11 15:35, henry ritzlmayr wrote:
Am Montag, den 04.04.2011, 15:07 +0200 schrieb Rainer Traut:
Am 04.04.2011 12:34, schrieb Marian Marinov:
How is it possible for an attacker to try to logon more than 4 times?
Can the attacker do this with only one TCP/IP connection without
You could also try using tcpwrappers along with iptables.
On 04/04/2011 06:34 AM, Marian Marinov wrote:
On Monday 04 April 2011 12:18:43 Rainer Traut wrote:
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp
Am Montag, den 04.04.2011, 16:04 +0200 schrieb David Sommerseth:
On 04/04/11 15:35, henry ritzlmayr wrote:
Am Montag, den 04.04.2011, 15:07 +0200 schrieb Rainer Traut:
Am 04.04.2011 12:34, schrieb Marian Marinov:
How is it possible for an attacker to try to logon more than 4 times?
Can
On 04/04/11 11:18, Rainer Traut wrote:
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m
Guys,
really... look at denyhosts and Hawk.
Both projects analyze the logs of the service and check for failed login
attempts.
It is useless to battle the bruteforcers at the network level since they can
adapt their behaviour to really easily circumvent any firewalls.
In order to protect your
: centos-boun...@centos.org
Date: Mon, 4 Apr 2011 18:00:23
To: CentOS mailing list centos@centos.org
Reply-To: CentOS mailing list centos@centos.org
Subject: Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
Rainer Traut wrote:
Am 04.04.2011 12:34, schrieb Marian Marinov:
How is it possible for an attacker to try to logon more than 4 times?
Can the attacker do this with only one TCP/IP connection without
establishing a new one?
Or have the scripts been adapted to this?
The attackers are not
Rainer Traut tr.ml@... writes:
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
SNIP
Lots of good advice from several people. All of the suggested solutions mean
you still have to wade through log entries from the unsuccessful attacks.
I've been
David G. Miller wrote:
Rainer Traut tr.ml@... writes:
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
SNIP
Lots of good advice from several people. All of the suggested solutions
mean you still have to wade through log entries from the unsuccessful
attacks.
On Monday 04 April 2011 21:08:45 David G.Miller wrote:
Rainer Traut tr.ml@... writes:
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
SNIP
Lots of good advice from several people. All of the suggested solutions
mean you still have to wade
David G. Miller wrote:
Rainer Traut tr.ml@... writes:
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
SNIP
Lots of good advice from several people. All of the suggested solutions mean
you still have to wade through log entries from the unsuccessful
--On Monday, April 04, 2011 09:15:28 PM +0200 Ljubomir Ljubojevic
off...@plnet.rs wrote:
I use Denyhosts for my security. All attacking IP's are blocked
automatically and sent to Denyhosts database server. Those IP's, from
around the world are then shared amongst all denyhosts users/systems,
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set