On Apr 5, 2011, at 11:46 PM, Ljubomir Ljubojevic wrote:
> rrich...@blythe.org wrote:
>> Indeed! I run
>> Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the
>> only client mail protocols we support). It's amazing how many dictionary
>> attacks take place against SMTP by persi
rrich...@blythe.org wrote:
> Indeed! I run
> Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the
> only client mail protocols we support). It's amazing how many dictionary
> attacks take place against SMTP by persistent spammers! Besides the effect
> against dictionary attacks,
On Tue, Apr 5, 2011 at 5:51 PM, wrote:
>
>
>
>> Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite
>> useful, actually only things like that have good impact on the bruteforce
>> attempts.
>
> Indeed! I run
> Fail2Ban not only against SSH, but against SMTP/AUTH and IMA
> Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite
> useful, actually only things like that have good impact on the bruteforce
> attempts.
Indeed! I run
Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the
only client mail protocols we support). It
On Tuesday 05 April 2011 11:27:49 Rudi Ahlers wrote:
> On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien wrote:
> > On Tue, 5 Apr 2011, rrich...@blythe.org wrote:
> >> 1) Move sshd to another
> >> port, one higher than 5000
> >
> > I'd have mixed feelings about the Wisdom of running on a non-reserve
On Tue, 5 Apr 2011, Rudi Ahlers wrote:
> Why,
>
> We've been running SSH on hundreds of servers on a port higher than
> 5000 for year now and no problems at all.
I always feel slightly ickie about running services on ports normal users can
run on (this obviously depends a lot on who can run proce
On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien wrote:
> On Tue, 5 Apr 2011, rrich...@blythe.org wrote:
>
>> 1) Move sshd to another
>> port, one higher than 5000
>
> I'd have mixed feelings about the Wisdom of running on a non-reserved port.
>
Why,
We've been running SSH on hundreds of servers o
On Tue, 5 Apr 2011, rrich...@blythe.org wrote:
> 1) Move sshd to another
> port, one higher than 5000
I'd have mixed feelings about the Wisdom of running on a non-reserved port.
jh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailm
> Hi,
>
> to prevent scripted dictionary attacks to sshd
> I applied those iptables rules:
>
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
> --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --
--On Monday, April 04, 2011 09:15:28 PM +0200 Ljubomir Ljubojevic
wrote:
> I use Denyhosts for my security. All attacking IP's are blocked
> automatically and sent to Denyhosts database server. Those IP's, from
> around the world are then shared amongst all denyhosts users/systems, so
>I a
David G. Miller wrote:
> Rainer Traut writes:
>
>> Hi,
>>
>> to prevent scripted dictionary attacks to sshd
>> I applied those iptables rules:
> SNIP
>
> Lots of good advice from several people. All of the suggested solutions mean
> you still have to wade through log entries from the unsuccess
On Monday 04 April 2011 21:08:45 David G.Miller wrote:
> Rainer Traut writes:
> > Hi,
> >
> > to prevent scripted dictionary attacks to sshd
>
> > I applied those iptables rules:
> SNIP
>
>
> Lots of good advice from several people. All of the suggested solutions
> mean you still have to wade
David G. Miller wrote:
> Rainer Traut writes:
>
>>
>> to prevent scripted dictionary attacks to sshd
>> I applied those iptables rules:
> SNIP
>
> Lots of good advice from several people. All of the suggested solutions
> mean you still have to wade through log entries from the unsuccessful
> attack
Rainer Traut writes:
>
> Hi,
>
> to prevent scripted dictionary attacks to sshd
> I applied those iptables rules:
SNIP
>
Lots of good advice from several people. All of the suggested solutions mean
you still have to wade through log entries from the unsuccessful attacks.
I've been quite h
Rainer Traut wrote:
> Am 04.04.2011 12:34, schrieb Marian Marinov:
>>> How is it possible for an attacker to try to logon more than 4 times?
>>> Can the attacker do this with only one TCP/IP connection without
>>> establishing a new one?
>>> Or have the scripts been adapted to this?
>>
>> The attac
...@centos.org
Date: Mon, 4 Apr 2011 18:00:23
To: CentOS mailing list
Reply-To: CentOS mailing list
Subject: Re: [CentOS] sshd: Authentication Failures: 137 Time(s)
Guys,
really... look at denyhosts and Hawk.
Both projects analyze the logs of the service and check for failed login
attempts.
It is useless to battle the bruteforcers at the network level since they can
adapt their behaviour to really easily circumvent any firewalls.
In order to protect your a
On Mon, 4 Apr 2011, Tom Yates wrote:
> i occasionally trip my iptables rule myself, for example if i scp a couple
> of files off a server and then go back for a third; i feel it would be a
> shame to lock myself out for an hour, by doing that.
An argument for something like pam_tally? Ideally, y
On 04/04/11 11:18, Rainer Traut wrote:
> to prevent scripted dictionary attacks to sshd
> I applied those iptables rules:
>
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
> --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
> -A INPUT -p tcp -m state --state NEW
Am Montag, den 04.04.2011, 16:04 +0200 schrieb David Sommerseth:
> On 04/04/11 15:35, henry ritzlmayr wrote:
> > Am Montag, den 04.04.2011, 15:07 +0200 schrieb Rainer Traut:
> >> Am 04.04.2011 12:34, schrieb Marian Marinov:
> How is it possible for an attacker to try to logon more than 4 times
You could also try using tcpwrappers along with iptables.
On 04/04/2011 06:34 AM, Marian Marinov wrote:
> On Monday 04 April 2011 12:18:43 Rainer Traut wrote:
>> Hi,
>>
>> to prevent scripted dictionary attacks to sshd
>> I applied those iptables rules:
>>
>> -A INPUT -p tcp -m state --state NEW
On 04/04/11 15:35, henry ritzlmayr wrote:
> Am Montag, den 04.04.2011, 15:07 +0200 schrieb Rainer Traut:
>> Am 04.04.2011 12:34, schrieb Marian Marinov:
How is it possible for an attacker to try to logon more than 4 times?
Can the attacker do this with only one TCP/IP connection without
>
Am Montag, den 04.04.2011, 15:07 +0200 schrieb Rainer Traut:
> Am 04.04.2011 12:34, schrieb Marian Marinov:
> >> How is it possible for an attacker to try to logon more than 4 times?
> >> Can the attacker do this with only one TCP/IP connection without
> >> establishing a new one?
> >> Or have the
Am 04.04.2011 12:34, schrieb Marian Marinov:
>> How is it possible for an attacker to try to logon more than 4 times?
>> Can the attacker do this with only one TCP/IP connection without
>> establishing a new one?
>> Or have the scripts been adapted to this?
>
> The attackers are not trying constant
On Monday 04 April 2011 12:18:43 Rainer Traut wrote:
> Hi,
>
> to prevent scripted dictionary attacks to sshd
> I applied those iptables rules:
>
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
> --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
> -A INPUT -p tcp
On 04/04/11 11:18, Rainer Traut wrote:
> Hi,
>
> to prevent scripted dictionary attacks to sshd
> I applied those iptables rules:
>
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
> --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
> -A INPUT -p tcp -m state --st
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
--update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set
--name SSH -