Neal Murphy wrote:
The point is to reduce brute-force attacks to the point of nearly total
ineffectiveness.
I use OpenSSH public/private key authentication to achieve this. Based on needs one could
also use two factor authentication (e.g. one time password tokens) or even a combination
of
On Mon, Mar 13, 2006 at 11:06:38PM -0500, Neal Murphy wrote:
The point is to obscure the ssh server from everyone, including those who are
authorized to access it remotely. The point is to reduce brute-force attacks
to the point of nearly total ineffectiveness.
No more so than simply configu
Neal Murphy said:
> The point is to obscure the ssh server from everyone, including those who
> are authorized to access it remotely.
You're right, this is just the old idea of "security by obscurity".
> The point is to reduce brute-force attacks to the point of nearly total
> ineffectiveness.
On Monday 13 March 2006 20:07, Michael Stone wrote:
> On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote:
> >The idea is to present information to the server that only the server can
> >decrypt, and that, in theory, only the authorized user could have
> > generated.
>
> Much like an authen
On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote:
The idea is to present information to the server that only the server can
decrypt, and that, in theory, only the authorized user could have generated.
Much like an authentication system. What's the point of all this over
just authent
On Monday 13 March 2006 09:38, [EMAIL PROTECTED] wrote:
> On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote:
> > It seems kind-of counterproductive to set up SSH for secure access, then
> > advertise to the universe that it's there. Thus my idea:
> >
> > Consider:
> > - sshd listens on
On 03/13/2006, johannes weiß wrote:
> this is the std config. But it's widely configurable (e.g.:
> --- SNIP (fail2ban.conf, std config) ---
> fwban = iptables -I fail2ban-%(__name__)s 1 -s <ip> -j DROP
> fwunban = iptables -D fail2ban-%(__name__)s -s <ip> -j DROP
> maxfailures = 5
> bantime = 600
> findt
On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote:
> It seems kind-of counterproductive to set up SSH for secure access, then
> advertise to the universe that it's there. Thus my idea:
>
> Consider:
> - sshd listens on a pre-shared UDP port for 'a knock on the door',
> specificall
Hi,
thus spoke johannes weiß <[EMAIL PROTECTED]> [2006.03.13.1132 +0100]:
I use fail2ban and I'm very happy with it.
Am I correct in assuming that it simply adds rules like
-A fail2ban_chain -s 1.2.3.4/32 -j DROP
this is the std config. But it's widely configurable (e.g.:
---
thus spoke johannes weiß <[EMAIL PROTECTED]> [2006.03.13.1132 +0100]:
> I use fail2ban and I'm very happy with it.
Am I correct in assuming that it simply adds rules like
-A fail2ban_chain -s 1.2.3.4/32 -j DROP
to iptables whenever 1.2.3.4/32 has too many login failures?
Does it expire entri
Hi Guys,
> [...]
I use fail2ban and I'm very happy with it.
Just my 2 cents, regards,
johannes
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
* Neal Murphy <[EMAIL PROTECTED]> [2006-03-13 03:19 -0500]:
> Consider:
[...]
Sounds like putting http://ingles.homeunix.org/software/ost/
into ssh(d).
Nicolas
--
http://www.rachinsky.de/nicolas
On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote:
[...]
> My idea is akin to a monastery that has no visible way in or out. If someone
> wants in, he has to know where to knock, using the Super Secret Squirrel
> coded knock. Then he has to wait a bit before he tries to pass his
> cr
On Monday 13 March 2006 01:24, fgeek wrote:
> > Hello,
> >
> > once in a while (say, every two weeks) I get a brute-force
> > login/password scan attempt in my server (i.e., a single ip tries
> > dictionary account names and passwords at random). SSH access is
> > needed by many users, and (RSA/DS
> Hello,
>
> once in a while (say, every two weeks) I get a brute-force
> login/password scan attempt in my server (i.e., a single ip tries
> dictionary account names and passwords at random). SSH access is
> needed by many users, and (RSA/DSA key)-only access is, at present
> time, unwanted. So f
thus spoke Michael Loftis <[EMAIL PROTECTED]> [2006.03.12.2301 +0100]:
> Yes you can make arbitrarily deep jumps/chains, but any single
> list is still processed sequentially. One could probably
> implement scripting to produce a sort of binary tree on
> hashes/jumps to chains. Fact is it does
--On March 12, 2006 2:29:09 PM +0100 martin f krafft <[EMAIL PROTECTED]>
wrote:
thus spoke Michael Loftis <[EMAIL PROTECTED]> [2006.03.12.1159 +0100]:
The only thing I can say is be *VERY* careful on a busy Linux box.
iptables sucks. It's sequential, meaning every entry in a list has to be
Not that safe, some of those scanners do a portscan first looking for SSH.
I use the old tried-and-true "know who you want accessing the machine" and add
those people/ips to hosts.allow, and deny everything else. Works like a charm,
and just keep a public backdoor machine you can use to hop into
Hello!
On 12-03-2006, Sunday at 04:50 -0300, Felipe Figueiredo
wrote:
> Hello,
>
> once in a while (say, every two weeks) I get a brute-force
> login/password scan attempt in my server (i.e., a single ip tries
I'm changing the ssh port to some high random number. This is quite easy,
safe
I wrote a script for just this thing a few months ago. The script I
wrote, when executed from a cronjob, looks over the auth.log. When a
dictionary attack is found, it puts the IP of the attacker in a
peerguardian formatted file. From there, linblock
(http://www.dessent.net/linblock/) is executed
thus spoke Michael Loftis <[EMAIL PROTECTED]> [2006.03.12.1159 +0100]:
> The only thing I can say is be *VERY* careful on a busy Linux box.
> iptables sucks. It's sequential, meaning every entry in a list has to be
> processed.
This is not the case. You can branch iptables rulesets to arbitrary
thus spoke Felipe Figueiredo <[EMAIL PROTECTED]> [2006.03.12.0850 +0100]:
> Maybe there is a way to temporarily block ips upon such attempts (is
> this a FAQ?), or maybe divert them like what portsentry does for
> portscans?
http://kindergarten.madduck.net/configs/iptables
but there's a problem
thus spoke TiB <[EMAIL PROTECTED]> [2006.03.12.0927 +0100]:
> I'm using to limit access from a each address to 3 connections per
> minute. It's easy to set up and works fine using iptables ipt_recent
> module.
Be careful:
http://lists.debian.org/debian-firewall/2006/03/msg00017.html
--
Please
## Felipe Figueiredo ([EMAIL PROTECTED]):
> once in a while (say, every two weeks) I get a brute-force
> login/password scan attempt in my server (i.e., a single ip tries
> dictionary account names and passwords at random). SSH access is
> needed by many users, and (RSA/DSA key)-only access is, a
The only thing I can say is be *VERY* careful on a busy Linux box.
iptables sucks. It's sequential, meaning every entry in a list has to be
processed. Your best bet is to first match TCP SYN packets and jump to
another separate chain ONLY for the SYN packets, then do your denies there,
and do
Hi!
> Maybe there is a way to temporarily block ips upon such attempts (is
> this a FAQ?), or maybe divert them like what portsentry does for
> portscans?
A friend recommended
http://www.csc.liv.ac.uk/~greg/sshdfilter/
but I didn't try it myself. It runs as a daemon and blocks the IP if
severa
Hello,
* Felipe Figueiredo [Sun, Mar 12, 2006 at 04:50:51AM -0300]:
> once in a while (say, every two weeks) I get a brute-force
> login/password scan attempt in my server (i.e., a single ip tries
> dictionary account names and passwords at random). SSH access is
> needed by many users, and (RSA/
Hi,
On Sun, 2006-03-12 at 04:50 -0300, Felipe Figueiredo wrote:
> Maybe there is a way to temporarily block ips upon such attempts (is
> this a FAQ?), or maybe divert them like what portsentry does for
> portscans?
You might want to have a look at the package denyhosts [1], which seems
to be ab
Felipe Figueiredo wrote:
Hello,
once in a while (say, every two weeks) I get a brute-force
login/password scan attempt in my server (i.e., a single ip tries
dictionary account names and passwords at random). SSH access is
needed by many users, and (RSA/DSA key)-only access is, at present
time,
Hello,
once in a while (say, every two weeks) I get a brute-force
login/password scan attempt in my server (i.e., a single ip tries
dictionary account names and passwords at random). SSH access is
needed by many users, and (RSA/DSA key)-only access is, at present
time, unwanted. So far none such