From: "Dmitry S. Makovey" <dmitry@athabascau.ca>
To: gentoo-user@lists.gentoo.org
Cc: Christian Franke <cfchris6@yahoo.de>
Subject: Re: [gentoo-user] Curious pattern in log files from ssh...
Date: Thu, 04 Dec 2008 13:22:51 -0700 [thread overview]
Message-ID: <200812041322.54849.dmitry@athabascau.ca> (raw)
In-Reply-To: <49382975.5080701@yahoo.de>
[-- Attachment #1: Type: text/plain, Size: 1149 bytes --]
On December 4, 2008, Christian Franke wrote:
> I just don't see what blocking ssh-bruteforce attempts should be good
> for, at least on a server where few _users_ are active.
Considering how much creative paranoia I've exposed in this thread it might
come as a surprise, but I do agree with the above statement. Strong passwords
(or key-only authentication) would prevent brute-force attacks from being
successfull. The only thing that is semi-usefull side-effect is that you can
identify compromised machines and deny ANY type of traffic from them
preventing possible DoS launched against you. But then IPs are so easy to
spoof :) Balance is what makes sysadmin comfortable enough and doesn't
compromise usability of the server, so everybody decides for themselves. OP
obviously wants that "extra" layer of protection and notification so with a
bit of creativity and some external tools it's possible to achieve. As long
as he doesn't forget about other aspects of security - he should do just fine
with all those extra measures :)
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2008-12-04 20:27 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-03 20:02 [gentoo-user] Curious pattern in log files from ssh Steve
2008-12-03 20:16 ` [gentoo-user] " Nikos Chantziaras
2008-12-03 20:19 ` Paul Hartman
2008-12-03 20:52 ` Nikos Chantziaras
2008-12-03 20:17 ` [gentoo-user] " Albert Hopkins
2008-12-03 20:18 ` Paul Hartman
2008-12-03 20:49 ` Simon
2008-12-04 11:31 ` Steve
2008-12-05 7:16 ` Mick
2008-12-03 20:54 ` Alan McKinnon
2008-12-03 21:03 ` Dmitry S. Makovey
2008-12-03 21:47 ` Steve
2008-12-03 22:11 ` Dmitry S. Makovey
2008-12-03 22:55 ` Steve
2008-12-03 23:21 ` Paul Hartman
2008-12-03 23:46 ` Dmitry S. Makovey
2008-12-03 23:55 ` Steve
2008-12-04 0:07 ` Dmitry S. Makovey
2008-12-04 0:39 ` Steve
2008-12-04 15:50 ` Dmitry S. Makovey
2008-12-04 22:44 ` Adam Carter
2008-12-05 0:15 ` Dmitry S. Makovey
2008-12-04 23:42 ` Shawn Haggett
2008-12-03 22:54 ` Adam Carter
2008-12-04 11:24 ` Evgeniy Bushkov
2008-12-04 22:41 ` Adam Carter
2008-12-04 22:53 ` Adam Carter
2008-12-05 15:05 ` Evgeniy Bushkov
2008-12-07 5:52 ` Joshua Murphy
2008-12-04 19:03 ` Christian Franke
2008-12-04 20:22 ` Dmitry S. Makovey [this message]
2008-12-04 21:20 ` Alan McKinnon
2008-12-05 11:24 ` Steve
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200812041322.54849.dmitry@athabascau.ca \
--to=dmitry@athabascau.ca \
--cc=cfchris6@yahoo.de \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox