Re: denying spam hosts ssh access - good idea?

2010-01-13 Thread Anton Shterenlikht
On Tue, Jan 12, 2010 at 11:36:11PM +0100, Erik Norgaard wrote: Anton Shterenlikht wrote: - why not let your firewall do the blocking? If your blocking is IP based that's the place to block. I'm already under the University firewall. Only port 22 is let through. But even that fills

Re: denying spam hosts ssh access - good idea?

2010-01-12 Thread Erik Norgaard
Anton Shterenlikht wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. This is a returning topic, search the archives. Anyway, the returning answer: - why not let your firewall do the blocking? If your blocking is IP based that's the place to block.

Re: denying spam hosts ssh access - good idea?

2010-01-12 Thread Anton Shterenlikht
On Tue, Jan 12, 2010 at 10:42:06AM +0100, Erik Norgaard wrote: Anton Shterenlikht wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. This is a returning topic, search the archives. Anyway, the returning answer: - why not let your firewall do

Re: denying spam hosts ssh access - good idea?

2010-01-12 Thread Erik Norgaard
Anton Shterenlikht wrote: - why not let your firewall do the blocking? If your blocking is IP based that's the place to block. I'm already under the University firewall. Only port 22 is let through. But even that fills my logs. What I meant was that if you want to block IPs or ranges of

denying spam hosts ssh access - good idea?

2010-01-11 Thread Anton Shterenlikht
I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a good idea? Also, apparently

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread David Southwell
I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a good idea? Also,

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Kaya Saman
David Southwell wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a good

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Tim Judd
On 1/11/10, David Southwell da...@vizion2000.net wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd :

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Anton Shterenlikht
On Mon, Jan 11, 2010 at 07:18:04AM -0700, Tim Judd wrote: On 1/11/10, David Southwell da...@vizion2000.net wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea,

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Matthew Seaman
Tim Judd wrote: I've been meaning to check this out. My firewall ssh rules are very strict, in fact, if the remote IP is unknown meaning, I don't know where the heck it's coming from, it's blocked. It's easier to say it this way: I allow ssh connections from IPs I know, preferably static

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Matthew Seaman
Anton Shterenlikht wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny Why is it not a

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Anton Shterenlikht
On Mon, Jan 11, 2010 at 03:25:04PM +, Matthew Seaman wrote: Anton Shterenlikht wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Lowell Gilbert
Anton Shterenlikht me...@bristol.ac.uk writes: I'm very grateful for all advice, but I'm still unsure why denying ssh access to a particular host via /etc/hosts.allow is a bad idea. As far as I recall, the reason the warning was added to the manual was that it's fairly heavy on resources to

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Samuel Martín Moro
I had the same ssh-bruteforce troubles. Here's the script I use against that. It's in cron, launched every 2 minutes.
#!/bin/sh
AUTH=/var/log/auth.log
BKLST=/var/log/blacklist.log
HOSTS=/etc/hosts
DHOSTS=/etc/hosts.deny
cat $AUTH | egrep -i '(illegal|invalid|failed)' | awk -F from '{print $2}' |

Re: denying spam hosts ssh access - good idea?

2010-01-11 Thread Ben Schumacher
On Mon, Jan 11, 2010 at 7:01 AM, Anton Shterenlikht me...@bristol.ac.uk wrote: I'm thinking of denying ssh access to host from which I get brute force ssh attacks. However, I see in /etc/hosts.allow: # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how