From: Jerry Eastmanhouser <fuct.it@gmail.com>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Mon, 3 Oct 2005 04:29:05 -0400 [thread overview]
Message-ID: <87f1fb0a0510030129o41595461ta649c30a20d39eb9@mail.gmail.com> (raw)
In-Reply-To: <4340E36E.6020801@garault.org>
[-- Attachment #1: Type: text/plain, Size: 1894 bytes --]
I've been getting hit with similar brute force attacks...usually from Korea
or China......anyway
like the several options listed above I think the less fancy you secure your
box the better....
really if you want to be able to log in from any number of remote clients
like me the best thing
to do is simply change your sshd port. I did that and it solved the problem
rather quickly with
little disruption to myself....I don't want to have a key with me...to log
in with when I travel.
An option that I considered that nobody mentioned yet is leaving port 22
closed completely
and then use port knocking to open up the port for 20 seconds or so on your
IP (however long
you need to log onto the system). The port opens long enough for you to
establish a connection
and then closes automatically to any new connections, but still allows
established traffic through.
Clever idea and pretty simple to impliment...just google for it...I think
there is a gentoo wiki howto
on it as well.
Adios.
On 10/3/05, Christophe Garault <christophe@garault.org> wrote:
>
> Jeremy Brake a écrit :
>
> >Hey all,
> >
> >I'm looking for an app/script which can monitor for failed ssh logins,
> >and block using IPTables for $time after $number of failed logins (an
> >exclusion list would be handy as well) so that I can put a quick stop to
> >these niggly brute-force ssh "attacks" I seem to be getting more and
> >more often.
> >
> >Anyone have any ideas?
> >
> >
> Yep: emerge fail2ban (http://sourceforge.net/projects/fail2ban).
> It's an excellent script written in python that can monitor all
> unsuccessfull logins (ssh, apache)
> There's a fail2ban.conf file where you can define many options to
> protect you from a Dos.
>
> >Thanks, Jeremy B
> >
> >
> Have a nice day.
>
> --
> Christophe Garault
> --
> gentoo-security@gentoo.org mailing list
>
>
[-- Attachment #2: Type: text/html, Size: 2367 bytes --]
next prev parent reply other threads:[~2011-10-31 3:55 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-02 21:10 [gentoo-security] [OT?] automatically firewalling off IPs Jeremy Brake
2005-10-02 21:19 ` MaxieZ
2005-10-02 22:29 ` J Holder
2005-10-03 2:52 ` Brian Micek
2005-10-03 13:01 ` David vasil
2005-10-03 13:18 ` rpfc
2005-10-03 17:06 ` Kirk Hoganson
2005-10-04 16:25 ` boger
2005-10-04 17:16 ` Kirk Hoganson
2005-10-04 18:42 ` boger
2005-10-04 20:30 ` Kirk Hoganson
2005-10-04 20:42 ` boger
2005-10-04 19:45 ` [gentoo-security] Port knocking Tobias Sager
2005-10-04 20:20 ` boger
2005-10-02 21:24 ` [gentoo-security] [OT?] automatically firewalling off IPs Tad Glines
2005-10-02 22:53 ` Alex Efros
2005-10-02 23:02 ` Marc Risse
2005-10-06 1:40 ` Tad Glines
2005-10-06 8:13 ` Matan Peled
2005-10-06 9:15 ` William Kenworthy
2005-10-06 10:19 ` Matan Peled
2005-10-06 12:44 ` William Kenworthy
2005-10-06 21:02 ` Kirk Hoganson
2005-10-06 21:05 ` Brian Micek
2005-10-07 2:37 ` Tad Glines
2005-10-07 18:47 ` Eric Paynter
2005-10-08 13:40 ` RADDS Support Team
2005-10-02 21:33 ` DeadManMoving
2005-10-02 21:37 ` Hemmann, Volker Armin
2005-10-02 21:56 ` Alec Joseph Warner
2005-10-02 22:13 ` xyon
2005-10-02 21:53 ` Hassan El-Masri
2005-10-02 21:57 ` Andreas Waschbuesch
2005-10-02 22:20 ` darren kirby
2005-10-03 7:53 ` Christophe Garault
2005-10-03 8:29 ` Jerry Eastmanhouser [this message]
2005-10-03 10:58 ` Dave Strydom [i*]Group
2005-10-03 12:25 ` Oscar Carlsson
2005-10-03 13:29 ` Dan Shookowsky
2005-10-03 23:26 ` Jeremy Brake
2005-10-04 6:15 ` Joerg Mertin
2005-10-04 8:55 ` Dave Strydom
2005-10-04 14:45 ` Kyle Lutze
2005-10-04 14:49 ` Dave Strydom
2005-10-04 17:42 ` Kyle Lutze
2005-10-04 17:52 ` Neil Cherry
2005-10-05 16:46 ` Robert Larson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87f1fb0a0510030129o41595461ta649c30a20d39eb9@mail.gmail.com \
--to=fuct.it@gmail.com \
--cc=gentoo-security@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox