Hello readers, Beware... (see below - avoiding top-posts)
On Sun, Aug 06, 2006 at 10:37:31AM +0200, Matthias ?ubik wrote:
> I would say this is the most elegant solution,
> since it requires no extra software other than iptables, which is probably
> already installed.
>
> just my two cents ...
> matthias
>
> On 05.08.2006, at 18:21, Vidar Tyldum Hansen wrote:
>
> > Duncan Brown skrev:
> >> Hey all
> >>
> >> I am forever being bombarded with the current plague of ssh brute force
> >> dictionary attacks.
> >>
> >> In an effort to stop this, I was planning on using Denyhosts. However
> >> when I tested my sshd config to see if it would work, as detailed here:
> >>
> >> http://denyhosts.sourceforge.net/ssh_config.html
> >>
> >> it connected fine. So I guess I haven't got sshd running with tcp
> >> wrappers.
> >>
> >> How do I go about doing this?
> >
> > I suggest using IPtables.
> > You can either allow only the hosts you want or block those brute force
> > attempts:
> >
> > /sbin/iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
> > /sbin/iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 4 -j REJECT --reject-with icmp-admin-prohibited
> >
> > This gives them 4 attempts...

This really applies to TSL 3.0 and newer (whenever it comes out) only!

The version of the ipt_recent module that comes with TSL 2.2 kernels has a serious bug causing kernel panics. I've spent a lot of time on this, and the conclusion I have reached is that no version of ipt_recent for 2.4.x kernels is stable. You have to go for kernel 2.6.x; I haven't found a version for 2.4.x kernels with the fixes backported.

I have filed a bug in Bugzilla (https://bugs.trustix.org/show_bug.cgi?id=1662), which has been in the "NEW" state since March (sigh).

The box that had problems with this has been solid as a rock since it has been running TSL 2.2 with a 2.6 kernel compiled from source. It was panicking once a week before that (with a stock, updated TSL 2.2).
Greets,
_Alain_

_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
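The two-rule `-m recent` limiter Vidar posted, expanded into a reusable rule set as an added example (this is not code from the thread or from Trustix). It assumes, hypothetically, SSH on port 22, a trusted prefix 192.0.2.0/24 that should never be rate limited, a dedicated chain named SSH_RATELIMIT, and a list name `sshbf`; all four can be overridden by arguments. The `IPT` variable defaults to a dry run that only prints the commands, so the script can be inspected without root; set `IPT=iptables` to apply it.

```shell
#!/bin/sh
# Added example: sshd rate limiting with the iptables "recent" match, built
# as a reusable function. This is not code from the thread above.
# Assumptions (all hypothetical): SSH on port 22, a trusted prefix
# 192.0.2.0/24 that is exempt, at most 4 new connections per source per
# 120 seconds, a dedicated chain named SSH_RATELIMIT and list name sshbf.
# IPT defaults to a dry run that only prints the commands; run with
# IPT=iptables (as root) to apply them.
: "${IPT:=echo iptables}"

ssh_ratelimit_rules() {
    port=${1:-22}
    hits=${2:-4}
    secs=${3:-120}
    trusted=${4:-192.0.2.0/24}

    # Keep the logic in its own chain so it can be flushed and reloaded
    # without touching the rest of INPUT.
    $IPT -N SSH_RATELIMIT 2>/dev/null || $IPT -F SSH_RATELIMIT

    # Trusted sources leave the chain before they are ever counted.
    $IPT -A SSH_RATELIMIT -s "$trusted" -j RETURN

    # Check before count. --rcheck only reads the list, so logging does not
    # extend the block; it matches once the source has $hits entries within
    # the last $secs seconds.
    $IPT -A SSH_RATELIMIT -m recent --name sshbf --rcheck \
        --seconds "$secs" --hitcount "$hits" -j LOG --log-prefix "ssh-bruteforce: "

    # --update both matches and refreshes the timestamp, so a host that keeps
    # retrying stays blocked until it has been quiet for $secs seconds.
    $IPT -A SSH_RATELIMIT -m recent --name sshbf --update \
        --seconds "$secs" --hitcount "$hits" -j REJECT --reject-with icmp-admin-prohibited

    # Only reached by connections that were not rejected: record this one.
    # Because the check precedes the count, a source gets exactly $hits
    # connection attempts before the reject rule starts matching.
    $IPT -A SSH_RATELIMIT -m recent --name sshbf --set

    # Feed only NEW SSH connections into the chain; established sessions
    # never pass through the limiter.
    $IPT -I INPUT -p tcp --dport "$port" -m state --state NEW -j SSH_RATELIMIT
}

# Run directly: print (or apply) the rule set, e.g. ./ssh-ratelimit.sh 22 4 120
ssh_ratelimit_rules "$@"
```

The rule order matters: Vidar's version inserts both rules with `-I`, which leaves the `--update` check ahead of the `--set` count and therefore allows four attempts, and the chain above keeps that order deliberately. Appending `--set` first would count the current attempt before checking it and silently cut the budget to three. Alain's warning still applies in full: the chain exercises the same ipt_recent module, so on a TSL 2.2 box with the stock 2.4 kernel it is the same code he reports panicking.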
