[olug] Eliminate risk for brute force root login attempts
Daniel Linder
dan at linder.org
Tue Aug 1 22:08:06 UTC 2006
On Tue, August 1, 2006 16:32, Carl Lundstedt wrote:
> After going through my latest log files on my linux workstation at the
> U. I'm getting hammered by brute force attacks. Back in the day I found
> a piece of software that detected these attacks on the fly and placed
> the offending machines IP into an IPchains or IPtables bit bucket. Thus
> the machine would never respond to anything the machine sent there
> after.
Carefull what you wish for! :) Someone might DOS your access to the
system by spoofing multipple failed telnet attempts using your home IP
address as the source. Once your system has black-listed your address,
they can try other methods to get on while you're locked out!
There is a simple rate-limit feature in IPTables that can limit
connections to "X/minute". Search for "iptables limit limit-burst" for
examples.
Dan
P.S. I prefer SSH keys for auth myself, no rate limiting/blacklisting needed.
- - - -
"Wait for that wisest of all counselors, time." -- Pericles
"I do not fear computers, I fear the lack of them." -- Isaac Asimov
"Soon we will be able to harness the rotational energy from Orwell's grave
to solve all world energy problems." -- /. user GigsVT (208848)
GPG fingerprint:6FFD DB94 7B96 0FD8 EADF 2EE0 B2B0 CC47 4FDE 9B68
More information about the OLUG
mailing list