From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] pam_get_uid: no such user
Date: Thu, 14 Feb 2013 19:27:43 +0200
Message-ID: <511D1E8F.8030107@gmail.com>

On 14/02/2013 18:51, Paul Klos wrote:
> On Thursday 14 February 2013 04:56:53, Stroller wrote:
>>
>> On 14 February 2013, at 04:13, Daniel Frey wrote:
>>> ...
>>> I've poked into this a bit more, and every 60 seconds 5 attempts at
>>> logon are being made… This weekend I'll reformat & reinstall.
>>
>> Excuse me if this is a dumb question, but does this machine have any ports open to the internet?
>>
>> This thread reminds me of how we sometimes hear of logfiles full of many ssh attempts made by script kiddies and botnets.
>>
>> Stroller.
>>
>>
> Same here, I've seen multitudes of messages like this, with different user names, in log files on servers with open ports 22. As long as you don't allow interactive logins you should be fine, right?
>
> I think there might also be some advanced iptables hacking that might help you block too many requests from the same source IP. This is still on my list of stuff to look at 'some time'.
>
> One thing I have used with apparent success is access a different port on the outside, and redirect that to 22 on the inside. It's security through obscurity, I know, but it seemed quite effective nonetheless.

That's fuzzy-feel-good security, the kind where you feel all warm and fuzzy and think you have protection. You don't, not even a little bit. All the l33t h@ckzor scripts out there can deal with simple port redirection.

The solution you want is denyhosts, fail2ban, etc. There's a lot of software in that general category and it gets the job done properly.

If you want to persist with obfuscated redirection, implement port knocking. It works, but it gets to be a pain rather quickly.

-- 
Alan McKinnon
alan.mckinnon@gmail.com
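
The following is an added example, not part of the message above and not code from denyhosts or fail2ban. It shows the per-source-IP counting of failed sshd logins within a time window that tools in that category rely on; the log lines, addresses, thresholds and the function name `find_offenders` are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the usual OpenSSH syslog format (not taken from the thread).
SAMPLE_LOG = """\
Feb 14 00:00:03 host sshd[1901]: Failed password for root from 192.0.2.50 port 40001 ssh2
Feb 14 01:00:03 host sshd[1950]: Failed password for root from 192.0.2.50 port 40002 ssh2
Feb 14 02:00:03 host sshd[1988]: Failed password for root from 192.0.2.50 port 40003 ssh2
Feb 14 03:00:03 host sshd[2040]: Failed password for root from 192.0.2.50 port 40004 ssh2
Feb 14 04:00:03 host sshd[2077]: Failed password for root from 192.0.2.50 port 40005 ssh2
Feb 14 04:10:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Feb 14 04:10:03 host sshd[2103]: Failed password for root from 203.0.113.7 port 40113 ssh2
Feb 14 04:10:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Feb 14 04:10:08 host sshd[2107]: Failed password for invalid user guest from 203.0.113.7 port 40115 ssh2
Feb 14 04:10:10 host sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 40116 ssh2
Feb 14 09:15:20 host sshd[3310]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Feb 14 09:15:31 host sshd[3310]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Feb 14 09:15:40 host sshd[3310]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_offenders(log_text, max_retry=5, find_time=600, year=2013):
    """Map each source IP that reached max_retry failures within find_time
    seconds to the sorted user names it has tried so far."""
    window = defaultdict(deque)   # ip -> timestamps of recent failures
    users = defaultdict(set)      # ip -> every user name seen from that ip
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        stamp, user, ip = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent = window[ip]
        recent.append(when)
        users[ip].add(user)
        # Drop failures that have aged out of the sliding window.
        while (when - recent[0]).total_seconds() > find_time:
            recent.popleft()
        if len(recent) >= max_retry:
            offenders[ip] = sorted(users[ip])
    return offenders
```

With the defaults only the burst from 203.0.113.7 is reported; the hourly failures from 192.0.2.50 and the two mistyped passwords from 198.51.100.20 stay below the threshold.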