I'm surprised nobody else has mentioned this...
hosts.allow/hosts.deny
It's simple, and doesn't depend on the firewall software to be running.
hosts.deny allows you to deny access from all IPs (or specific ones)
hosts.allow lets you override the deny file with the IP ranges or less securely
the
Patrick,
I agree with that argument but I don't think anyone here has ever seen that
problem before. IPs are allocated to organizations. If you block the
Chinese hacker organization then how many subs are going to be complaining
about that?
Josh Luthman
Office: 937-552-2340
Direct:
Very simple effective fix if you have iptables:
iptables -A INPUT -p tcp --dport 22 -s your_subnet/21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount
Just to follow up on this thought, the main unintended consequence I
had in mind was a customer running some sort of security verification
suite against his/her own servers. If I were an IT employee using this
sort of software from outside my network, and all of a sudden certain
IPs or subnets
I was thinking of the case where the IT person is running the security
audit tool from a trusted network, like a branch office or their home
connection.
Probably an obscure case. But annoying if a customer ever gets burned by it.
My philosophy is that the ISP should be responsible for the most
On Mon, 2009-05-04 at 09:37 -0400, Patrick Shoemaker wrote:
Just to follow up on this thought, the main unintended consequence I
had in mind was a customer running some sort of security verification
suite against his/her own servers. If I were an IT employee using this
sort of software from
: Friday, May 01, 2009 10:53 PM
Subject: Re: [WISPA] Crude dictionary attack via ssh
Tom Sharples wrote:
Spotted this a few minutes ago on one of our back-end servers. Didn't
work, but worth noting.
Which OS are you running
Tom Sharples wrote:
It's a flavor of Slack Linux. Don't have Python on these boxes so am
writing a bash script to do essentially the same thing as DenyHosts.
You run iptables on this box? You might have some options there, as well.
Tom Sharples wrote:
It's a flavor of Slack Linux. Don't have Python on these boxes so am
writing a bash script to do essentially the same thing as DenyHosts.
Here's an idea that might work too, assuming you have iptables on that box
http://www.e18.physik.tu-muenchen.de/~tnagel/ipt_recent/
On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote:
This works too :-)
iptables -A INPUT -s 213.165.154.53/24 -j DROP
It does for sure. The only problem is that this one host is not the
only one to be concerned about. If you have a router at the border of
the network that has the
is a good one too, that will be in Version 2 :-)
Thanks,
Tom S.
- Original Message -
From: Butch Evans but...@butchevans.com
To: Tom Sharples tsharp...@qorvus.com; WISPA General List
wireless@wispa.org
Sent: Saturday, May 02, 2009 12:18 PM
Subject: Re: [WISPA] Crude dictionary attack
On Sat, 2009-05-02 at 17:51 -0400, Patrick Shoemaker wrote:
There's another linux program out there called BFD that does the same
thing: parses logs and creates IPTABLES rules, but it doesn't use
python. Google it and see if it will work for your application.
Again, this is a good approach,
Josh Luthman wrote:
Install DenyHosts and those go away.
ditto
http://denyhosts.sourceforge.net/
http://denyhosts.sourceforge.net/faq.html
http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
DenyHosts is a script intended to be run by Linux system administrators
to help
dictionary attack via ssh
Install DenyHosts and those go away.
On 5/1/09, Tom Sharples tsharp...@qorvus.com wrote:
Spotted this a few minutes ago on one of our back-end servers. Didn't
work,
but worth noting.
Tom S.
May 2 01:05:12 QORVUS1 sshd[21728]: Illegal user lieu from 213.165.154.53
Those attacks have been going on for years now. I created something on our core router a long
time back that will detect successive new ssh connections and block the source
IP for 30 minutes. Works very well.
/Eje
-Original Message-
From: Tom Sharples
-Original Message-
From: Rogelio scubac...@gmail.com
Date: Fri, 01 May 2009 18:31:41
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] Crude dictionary attack via ssh
Josh Luthman wrote:
Install DenyHosts and those go away.
ditto
http
Tom Sharples wrote:
Spotted this a few minutes ago on one of our back-end servers. Didn't work,
but worth noting.
Which OS are you running?
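
An added example, not code from anyone in this thread: a small POSIX shell sketch of the log-parsing approach discussed above (a DenyHosts-style scan without Python), which counts sshd "Illegal user" lines per source address, skips a trusted prefix so an audit run from a known network is not listed, and prints hosts.deny-style entries. The threshold, the trusted prefix, the function names and the sample log lines are assumptions constructed for illustration; the log format is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list IPs with repeated sshd failures.
THRESHOLD=3            # assumed: failed attempts before an IP is listed
ALLOW="198.51.100."    # assumed trusted prefix, e.g. a branch office

# Constructed sample log, in the format of the line quoted in the thread.
sample_log() {
cat <<'EOF'
May  2 01:05:12 host1 sshd[21728]: Illegal user lieu from 203.0.113.53
May  2 01:05:14 host1 sshd[21730]: Illegal user admin from 203.0.113.53
May  2 01:05:17 host1 sshd[21733]: Illegal user test from 203.0.113.53
May  2 01:06:01 host1 sshd[21740]: Illegal user guest from 203.0.113.99
May  2 01:07:10 host1 sshd[21751]: Illegal user audit from 198.51.100.7
May  2 01:07:11 host1 sshd[21752]: Illegal user audit2 from 198.51.100.7
May  2 01:07:12 host1 sshd[21753]: Illegal user audit3 from 198.51.100.7
May  2 01:08:00 host1 sshd[21760]: Accepted password for tom from 203.0.113.99
EOF
}

# Read sshd log lines on stdin; print offending IPs, one per line, sorted.
offenders() {
  awk -v min="$THRESHOLD" -v allow="$ALLOW" '
    / sshd\[[0-9]+\]: (Illegal|Invalid) user / {
      # Use the last field: the user name is supplied by the client and
      # may itself contain "from <address>".
      ip = $NF
      # Count only dotted-quad values; anything else is ignored.
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      # Never list addresses inside the trusted prefix.
      if (allow != "" && index(ip, allow) == 1) next
      hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }
  ' | sort
}

# Turn offenders into hosts.deny-style entries (printed, not installed).
deny_lines() {
  offenders | while read -r ip; do printf 'sshd: %s\n' "$ip"; done
}

sample_log | deny_lines
```

Against a real log the same functions read from a file, for example `offenders < /var/log/messages`; the output is only printed, so it can be reviewed before anything is appended to hosts.deny.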