[olug] Eliminate risk for brute force root login attempts

Jeff Hinrichs - DM&T jeffh at dundeemt.com
Tue Aug 1 22:21:15 UTC 2006


+1 Denyhosts http://denyhosts.sourceforge.net/

Can do forever lockouts, timed lockouts and more.

On 8/1/06, Daniel Linder <dan at linder.org> wrote:
>
> On Tue, August 1, 2006 16:32, Carl Lundstedt wrote:
> > After going through my latest log files on my linux workstation at the
> > U. I'm getting hammered by brute force attacks.  Back in the day I found
> > a piece of software that detected these attacks on the fly and placed
> > the offending machine's IP into an IPchains or IPtables bit bucket.  Thus
> > the machine would never respond to anything the machine sent
> > thereafter.
>
> Careful what you wish for! :)  Someone might DOS your access to the
> system by spoofing multiple failed telnet attempts using your home IP
> address as the source.  Once your system has black-listed your address,
> they can try other methods to get on while you're locked out!
>
> There is a simple rate-limit feature in IPTables that can limit
> connections to "X/minute".  Search for "iptables limit limit-burst" for
> examples.
>
> Dan
>
> P.S. I prefer SSH keys for auth myself, no rate limiting/blacklisting needed.
>
> - - - -
> "Wait for that wisest of all counselors, time." -- Pericles
> "I do not fear computers, I fear the lack of them." -- Isaac Asimov
> "Soon we will be able to harness the rotational energy from Orwell's grave
> to solve all world energy problems." -- /. user GigsVT (208848)
> GPG fingerprint:6FFD DB94 7B96 0FD8 EADF  2EE0 B2B0 CC47 4FDE 9B68
>


-- 
Jeff Hinrichs
Dundee Media & Technology, Inc
jeffh at dundeemt.com
402.320.0821
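
The timed-lockout idea discussed in this thread, as an added example that is not part of the original messages and is not DenyHosts' code: it scans sshd log lines, locks an address out after repeated failures inside a short window, gives the lockout an expiry, and skips an allowlist so a known address cannot be locked out. The log lines, addresses, thresholds and the function name `find_lockouts` are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug  1 16:30:01 ws sshd[901]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug  1 16:30:03 ws sshd[902]: Failed password for carl from 198.51.100.20 port 51000 ssh2
Aug  1 16:30:05 ws sshd[903]: Failed password for root from 203.0.113.7 port 40113 ssh2
Aug  1 16:30:06 ws sshd[904]: Failed password for carl from 198.51.100.20 port 51001 ssh2
Aug  1 16:30:08 ws sshd[905]: Failed password for carl from 198.51.100.20 port 51002 ssh2
Aug  1 16:30:09 ws sshd[906]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Aug  1 16:31:00 ws sshd[907]: Failed password for root from 192.0.2.44 port 33000 ssh2
Aug  1 16:45:00 ws sshd[908]: Failed password for root from 192.0.2.44 port 33001 ssh2
Aug  1 16:46:00 ws sshd[909]: Accepted publickey for carl from 198.51.100.20 port 51003 ssh2
"""

# Timestamp, then the source address of a failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def find_lockouts(log_text, threshold=3, window=timedelta(minutes=1),
                  lockout=timedelta(hours=1), allowlist=frozenset(), year=2006):
    """Return {ip: (blocked_at, expires_at)} for addresses that reach
    `threshold` failures within `window`. Syslog lines carry no year,
    so the caller supplies one."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in allowlist:
            continue              # never lock out a known-good address
        if ip in blocked and ts < blocked[ip][1]:
            continue              # lockout still active, nothing to add
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            blocked[ip] = (ts, ts + lockout)
            q.clear()
    return blocked
```

With `allowlist={"198.51.100.20"}` only 203.0.113.7 is locked out; without it, the allowlisted address's three quick failures would lock it out as well.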


