[kwlug-disc] server compromised

L.D. Paniak ldpaniak at fourpisolutions.com
Thu May 14 12:04:17 EDT 2009





john at netdirect.ca wrote:

> 
> Password dictionary attacks are common on SSH ports, just check the logs
> of any system with ssh exposed to the Internet. We have put throttling
> in place to tarpit these attacks and reduce the impact on our logs.
> IPTables can be used for it but the rules are a little complicated and
> can impact how you interact as well. The throttling works like this: if
> an IP address connects more than x times in y minutes then block access
> by this user for z minutes. Be careful not to choose too small of a
> number for x/y or you'll lock yourself out. Don't forget automated SSH
> connections.
>  

DenyHosts (http://denyhosts.sourceforge.net/index.html) trolls auth.log
looking for excessive activity and then can lock suspicious remote users
out.  You do have to be careful not to lock yourself out...
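The x/y/z throttling rule and the auth.log scanning discussed in this thread, sketched as an added example that is not part of either poster's message and is not DenyHosts' own code. It counts sshd "Failed password" lines rather than raw connections (an assumption); `find_blocks`, its `allowlist` and `year` parameters (syslog timestamps carry no year) and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
May 14 12:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
May 14 12:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
May 14 12:00:09 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
May 14 12:00:30 host sshd[104]: Failed password for root from 203.0.113.7 port 4004 ssh2
May 14 12:01:00 host sshd[105]: Failed password for ldp from 198.51.100.20 port 5001 ssh2
May 14 12:01:10 host sshd[106]: Failed password for ldp from 198.51.100.20 port 5002 ssh2
May 14 12:01:20 host sshd[107]: Failed password for ldp from 198.51.100.20 port 5003 ssh2
May 14 12:02:00 host sshd[108]: Failed password for guest from 192.0.2.55 port 6001 ssh2
May 14 12:09:00 host sshd[109]: Failed password for guest from 192.0.2.55 port 6002 ssh2
May 14 12:09:30 host sshd[110]: Failed password for guest from 192.0.2.55 port 6003 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_blocks(log_text, x=2, y_minutes=5, z_minutes=10, allowlist=(), year=2009):
    """Return {ip: (blocked_from, blocked_until)} for IPs with more than
    x failures inside y minutes; allowlisted IPs are never blocked."""
    window = timedelta(minutes=y_minutes)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    blocks = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in allowlist:
            continue              # your own address: avoids locking yourself out
        if ip in blocks and ts < blocks[ip][1]:
            continue              # already inside its z-minute block
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # forget failures older than y minutes
        if len(q) > x:
            blocks[ip] = (ts, ts + timedelta(minutes=z_minutes))
            q.clear()
    return blocks

if __name__ == "__main__":
    for ip, (start, end) in find_blocks(SAMPLE_LOG, allowlist={"198.51.100.20"}).items():
        print(ip, "blocked", start.time(), "to", end.time())
```

Running it without the allowlist shows the lock-out risk both posters mention: the address with three mistyped passwords gets blocked alongside the dictionary attacker.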


