Re: checking if my system is compromised

2007-04-10 Thread Greg Folkert
On Tue, 2007-04-10 at 12:31 -0400, Kamaraju S Kusumanchi wrote: > John Hasler wrote: > > > Kamaraju S Kusumanchi writes: > >> iptables look a bit heavy for me > > > > "Heavy"? It's already in your kernel. You just aren't using it. > > Heavy in terms of the learning curve involved, not in terms

Re: checking if my system is compromised

2007-04-10 Thread Kamaraju S Kusumanchi
John Hasler wrote: > Kamaraju S Kusumanchi writes: >> iptables look a bit heavy for me > > "Heavy"? It's already in your kernel. You just aren't using it. Heavy in terms of the learning curve involved, not in terms of the memory/CPU used. raju -- Kamaraju S Kusumanchi http://www.people.corn

Re: checking if my system is compromised

2007-04-10 Thread John Hasler
Kamaraju S Kusumanchi writes: > iptables look a bit heavy for me "Heavy"? It's already in your kernel. You just aren't using it. -- John Hasler

Re: checking if my system is compromised

2007-04-10 Thread John L Fjellstad
Kamaraju S Kusumanchi <[EMAIL PROTECTED]> writes: > Thanks for tip on iptables. iptables look a bit heavy for me (lot of > reading to do). So currently I am using /etc/hosts.allow, > /etc/hosts.deny for controlling the IPs which can ssh into this > machine. If I find them inadequate, I will use ip

Re: checking if my system is compromised

2007-04-09 Thread Dave Thayer
On Sat, Apr 07, 2007 at 06:41:22PM -0700, Kamaraju Kusumanchi wrote: > Turns out that I was dictionary attacked (thanks to > /var/log/auth.log) via ssh port. The intruder was able to gain access > to the guest account. The fail2ban package can be helpful in fighting dictionary attacks. dt --

Re: checking if my system is compromised

2007-04-09 Thread Douglas Allan Tutty
On Mon, Apr 09, 2007 at 09:31:41PM -0400, Kamaraju S Kusumanchi wrote: > John L Fjellstad wrote: > > > > I usually enable the recent module in iptables, which means that you can > > only log in once every 1 minute or so. It usually gives the attacker only > > one try before they get shut down. >

Re: checking if my system is compromised

2007-04-09 Thread Kamaraju S Kusumanchi
John L Fjellstad wrote: > > I usually enable the recent module in iptables, which means that you can > only log in once every 1 minute or so. It usually gives the attacker only > one try before they get shut down. > > Example: > # allow established and related connection > /sbin/iptables -A INPUT

Re: checking if my system is compromised

2007-04-08 Thread John L Fjellstad
Kamaraju Kusumanchi <[EMAIL PROTECTED]> writes: > Does anyone have suggestions on tightening up the default sshd_config > file? I read about disabling password authentication mechanism > completely and using only the key authorization mechanism. But this is > too inconvenient to stick to. For exam

Re: checking if my system is compromised

2007-04-07 Thread Andrew J. Barr
Rick Pasotto wrote: Don't use port 22. Nope: http://blog.drinsama.de/erich/en/linux/2007021502-false-sense-of-security.html

Re: checking if my system is compromised

2007-04-07 Thread Kamaraju Kusumanchi
Quoting John Hasler <[EMAIL PROTECTED]>: > Kamaraju Kusumanchi quotes: > > Ip: 128.253.28.128 > > This number belongs to Cornell University. Is that where you are? > Yes. raju

Re: checking if my system is compromised

2007-04-07 Thread Rick Pasotto
On Sat, Apr 07, 2007 at 06:41:22PM -0700, Kamaraju Kusumanchi wrote: > > Does anyone have suggestions on tightening up the default sshd_config > file? I read about disabling password authentication mechanism > completely and using only the key authorization mechanism. But this is > too inconvenien

Re: checking if my system is compromised

2007-04-07 Thread Kamaraju Kusumanchi
Quoting Kamaraju Kusumanchi <[EMAIL PROTECTED]>: > Here is what I have done so far > 1) I have looked in various log files but could not find any > suspicious activity. > Turns out that I was dictionary attacked (thanks to /var/log/auth.log) via ssh port. The intruder was able to gain access to

Re: checking if my system is compromised

2007-04-07 Thread Andrew J. Barr
Douglas Allan Tutty wrote: Should the OP consider that he _has_ been compromised? It's certainly a possibility but I would think that an incompetent ISP is more likely than a compromise. I would echo what someone said earlier in the thread, ask for details from your ISP. If they can't or (

Re: checking if my system is compromised

2007-04-07 Thread Douglas Allan Tutty
On Sat, Apr 07, 2007 at 08:33:59PM -0400, Michael Pobega wrote: > On Sat, Apr 07, 2007 at 03:33:34PM -0700, Kamaraju Kusumanchi wrote: > > Hi all > > > > I am using Debian Etch (currently testing). Today from the abuse > > department of my ISP, I received the following warning (pasted in > > the e

Re: checking if my system is compromised

2007-04-07 Thread Michael Pobega
On Sat, Apr 07, 2007 at 03:33:34PM -0700, Kamaraju Kusumanchi wrote: > Hi all > > I am using Debian Etch (currently testing). Today from the abuse > department of my ISP, I received the following warning (pasted in > the end). My ISP has suspended my

Re: checking if my system is compromised

2007-04-07 Thread John Hasler
Kamaraju Kusumanchi quotes: > Ip: 128.253.28.128 This number belongs to Cornell University. Is that where you are? -- John Hasler

Re: checking if my system is compromised

2007-04-07 Thread Jose Luis Rivas Contreras
Kamaraju Kusumanchi wrote: > Hi all > > I am using Debian Etch (currently testing). Today from the abuse > department of my ISP, I received the following warning (pasted in the end). > My ISP has suspended my internet connection due to this.

Re: checking if my system is compromised

2007-04-07 Thread Greg Folkert
On Sat, 2007-04-07 at 15:33 -0700, Kamaraju Kusumanchi wrote: > Hi all > > I am using Debian Etch (currently testing). Today from the abuse > department of my ISP, I received the following warning (pasted in the > end). My ISP has suspended my internet connection due to this. > However, I am n

Re: checking if my system is compromised

2007-04-07 Thread Greg Folkert
On Sat, 2007-04-07 at 15:33 -0700, Kamaraju Kusumanchi wrote: > Hi all > > I am using Debian Etch (currently testing). Today from the abuse > department of my ISP, I received the following warning (pasted in the > end). My ISP has suspended my internet connection due to this. > However, I am n

checking if my system is compromised

2007-04-07 Thread Kamaraju Kusumanchi
Hi all I am using Debian Etch (currently testing). Today from the abuse department of my ISP, I received the following warning (pasted in the end). My ISP has suspended my internet connection due to this. However, I am not able to track down the cause of the problem. I am wondering if anyon