Date: Wed, 03 Dec 2008 14:03:37 -0700
From: "Dmitry S. Makovey"
Subject: Re: [gentoo-user] Curious pattern in log files from ssh...
To: gentoo-user@lists.gentoo.org
Cc: Steve
Organization: Athabasca University

On December 3, 2008, Steve wrote:
> Sure, I could use IPtables to block all these bad ports... or... I could
> disable password authentication entirely... but I keep thinking that
> there has to be something better I can do... any suggestions? Is there
> a simple way to integrate a block-list of known-compromised hosts into
> IPtables - rather like my postfix is configured to drop connections from
> known spam sources from the sbl-xbl.spamhaus.org DNS block list, for
> example.

I went the path of passwordless entries (i.e. DSA/RSA keys) and I think it
helped a lot, no botnet/worm/cracker is known to do selective key assembly so
far and it's a labour-intensive process. I think applying keys is a very good
step forward (well, and make sure every externally exposed service is
properly patched and secured ;) ).

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245