This requires the ipt_recent IPtables module, among others, and it is in 2.4.22+ and 2.6 kernels. Both in testing. And requires upgrading libc6, so use at your own risk.
Jeffrey Quoting Jeffrey L. Taylor <[EMAIL PROTECTED]>: > A possible improvement: > > http://www.soloport.com/iptables.html > > Quoting Steve Suehring <[EMAIL PROTECTED]>: > > > > Could it be this? > > > > http://lists.sans.org/pipermail/intrusions/2004-August/008357.html > > > > You didn't specify which usernames were being used, so it's tough to > > tell if that's the same. > > > > A couple of simple and quick things that I might do if this was a > > concern: > > > > -Setup an iptables firewall on the boxen running SSH and only allow > > certain hosts to get to port 22. Alternately, you might consider > > denying access through tcpwrappers, though I much prefer the iptables > > method. > > > > -Make sure that PermitRootLogin is set to no in your > > /etc/ssh/sshd_config. Some might argue the necessity or effectiveness > > of this measure but it is another step you can take to help defend the > > computer. > > > > I'm sure others have appropriate suggestions as well. > > > > Steve > > > > > > On Sat, Jan 29, 2005 at 03:05:35PM +0000, michael wrote: > > > On debian-user it was suggested I also post this here, thanks, Michael > > > From: michael <[EMAIL PROTECTED]> > > > To: debian user <debian-user@lists.debian.org> > > > Subject: security > > > Date: Fri, 28 Jan 2005 09:46:31 +0000 > > > I notice that frequently many machines around here get attacked by a > > > potential hacker (a prog I guess) trying lots of usernames to get in to > > > all the machines, using the same set of usernames at the same time. Have > > > people seen this on their machines? I'm guessing it's a virus/worm on a > > > Windows box doing this but does anybody know more? > > > > > > I've followed & done most of the suggestions listed in chpts 4 & 5 of > > > "Securing Debian" HowTo/Manual although I will admit to not following > > > and therefore not having got around to firewalling. Other suggestions > > > most welcome. > > > > > > Thanks > > > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
