[olug] Eliminate risk for brute force root login attempts

Daniel Linder dan at linder.org
Tue Aug 1 22:08:06 UTC 2006


On Tue, August 1, 2006 16:32, Carl Lundstedt wrote:
> After going through my latest log files on my linux workstation at the
> U. I'm getting hammered by brute force attacks.  Back in the day I found
> a piece of software that detected these attacks on the fly and placed
> the offending machine's IP into an IPchains or IPtables bit bucket.  Thus
> the machine would never respond to anything the machine sent
> thereafter.

Careful what you wish for! :)  Someone might DOS your access to the
system by spoofing multiple failed telnet attempts using your home IP
address as the source.  Once your system has black-listed your address,
they can try other methods to get on while you're locked out!

There is a simple rate-limit feature in IPTables that can limit
connections to "X/minute".  Search for "iptables limit limit-burst" for
examples.

Dan

P.S. I prefer SSH keys for auth myself, no rate limiting/blacklisting needed.

- - - -
"Wait for that wisest of all counselors, time." -- Pericles
"I do not fear computers, I fear the lack of them." -- Isaac Asimov
"Soon we will be able to harness the rotational energy from Orwell's grave
to solve all world energy problems." -- /. user GigsVT (208848)
GPG fingerprint:6FFD DB94 7B96 0FD8 EADF  2EE0 B2B0 CC47 4FDE 9B68
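
The "X/minute" behaviour of the iptables `limit` / `limit-burst` match mentioned in the reply above, modelled as a token bucket. This is an added example, not part of the original message; the rate (3/minute), burst (5), port 22, traffic pattern and all Python names are constructed for illustration. It also shows that the bucket is shared by every source address, so a legitimate connection can be dropped while an attack is draining it.

```python
# Added example: a model of the iptables `limit` match as a token bucket.
# Rule pair being modelled (rate/burst values are constructed):
#   iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 3/minute --limit-burst 5 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 --syn -j DROP

class LimitMatch:
    """One bucket shared by every source address, as with `-m limit`."""

    def __init__(self, per_minute, burst):
        self.cost = 60_000 // per_minute   # ms of credit one match consumes
        self.cap = burst * self.cost       # --limit-burst: size of a full bucket
        self.credit = self.cap             # bucket starts full
        self.last_ms = None

    def matches(self, now_ms):
        if self.last_ms is not None:       # refill for elapsed time, up to the cap
            self.credit = min(self.cap, self.credit + now_ms - self.last_ms)
        self.last_ms = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True                    # rule matches: ACCEPT
        return False                       # no match: falls through to DROP


def simulate(events, per_minute=3, burst=5):
    """events: iterable of (time_ms, source). Returns [(time_ms, source, verdict)]."""
    bucket = LimitMatch(per_minute, burst)
    return [(t, src, "ACCEPT" if bucket.matches(t) else "DROP")
            for t, src in sorted(events)]


# Constructed traffic: a guesser opens one connection per second for two minutes;
# the admin tries once mid-attack (30.5 s) and once after it stops (200 s).
ATTACKER = [(s * 1000, "attacker") for s in range(120)]
ADMIN = [(30_500, "admin"), (200_000, "admin")]


def summary():
    result = simulate(ATTACKER + ADMIN)
    ok_attacker = [t // 1000 for t, src, v in result if src == "attacker" and v == "ACCEPT"]
    admin = [(t, v) for t, src, v in result if src == "admin"]
    return ok_attacker, admin


if __name__ == "__main__":
    ok_attacker, admin = summary()
    print("attacker connections accepted at (s):", ok_attacker)
    print("admin attempts:", admin)
```

Of the 120 attacker connections only 10 get through: the initial burst of five, then one every 20 seconds.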



