Re: [CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread David Klann
On Mon, 12 Jan 2009 17:47:08 -0600 Ned Slider wrote: > Welcome :-) > Thanks! > > > http://wiki.centos.org/HowTos/Network/SecuringSSH Good guide -- thanks for pointing it out. I also like the idea of implementing denyhosts that Steve Huff pointed out. I use that on a public (virtual) server I

Re: [CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread Ned Slider
David Klann wrote: > New to the list, so please forgive unintentional netiquette > transgressions... > Welcome :-) > > Discounting DoS or DDoS attacks, my solution to nefarious SSH attempts > is threefold: 1) run sshd on a port other than 22 (I know, obscurity > is not security...), 2) disabl

Re: [CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread Steve Huff
On Jan 12, 2009, at 3:24 PM, James B. Byrne wrote: It is evident that this attacker had more than one netblock available. It is conceivable that, instead of serially attacking us, they could just have easily attempted multiple simultaneous connections from all of their available IP address

Re: [CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread David Klann
New to the list, so please forgive unintentional netiquette transgressions... On Mon, 12 Jan 2009 14:24:54 -0600 "James B. Byrne" wrote: > Thanks for the help. I completely missed that error. > > > > throttle threshold of 15 seconds. I am still concerned about any > brute force attempt to dis

Re: [CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread James B. Byrne
Thanks for the help. I completely missed that error. This guy is persistent. After I cut off 220.232.152.137 we had intrusion attempts from 216.107.171.10. After I cut off that one then we had attempts from 69.80.235.135. Since blocking that network we have had no more attempts recorded. When

Re: [CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread nate
James B. Byrne wrote: > Chain RH-Firewall-1-INPUT (2 references) > num target prot opt source destination > 1 DROP all -- 202.14.0.0/24 anywhere > 2 DROP all -- 220.232.0.0/24 anywhere > Jan 12 13:36:02 inet01 sshd[16056]: Received disconnect

Re: [CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread Marko A. Jennings
On Mon, January 12, 2009 1:37 pm, James B. Byrne wrote: > I have these rules in effect: > 1 DROP all -- 202.14.0.0/24 anywhere > 2 DROP all -- 220.232.0.0/24 anywhere > > Note particularly line 2. > > Now, notwithstanding the above, I see this in my /var/log/sec

[CentOS] Intrusion Attempt Prevension - iptables problems

2009-01-12 Thread James B. Byrne
I have these rules in effect: ]# iptables --list --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination 1 RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) num target prot opt source destin