Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.development.apps > #261
| Date | 2011-09-02 16:19 +0200 |
|---|---|
| From | David Brown <david@westcontrol.removethisbit.com> |
| Newsgroups | comp.os.linux.development.apps |
| Subject | Re: Security problem |
| References | <j3jrp5$534$1@speranza.aioe.org> <cd90j8-mnq.ln1@crazy-horse.bildanet.com> |
| Message-ID | <5LadnfB9uvXse_3TnZ2dnUVZ7oGdnZ2d@lyse.net> (permalink) |
On 31/08/2011 01:47, GangGreene wrote: > jacob navia wrote: > >> I have several computers that try to enter my machine via >> ssh. My log files are swamped by this people trying all >> possible user names several times a second. >> >> Is there a way to tell the ssh daemon to stop accepting more than 1 >> request each minute after it fails (say) 3 times? >> >> Something like the "login" behavior? >> >> Thanks in advance for any help > > > http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables > > http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent- > ssh-brute-force-attacks.html > > Am I right in thinking that the "recent" limiting applies limits to a particular source IP, while "-m limit" (which I have used often) applies the limit to all incoming traffic that hits the rule? The easiest and most effective step to limiting dictionary attacks is simply to use a non-standard port. Put your sshd on port 222 instead of 22, and no attacker will ever find it.
Back to comp.os.linux.development.apps | Previous | Next — Previous in thread | Next in thread | Find similar
Security problem jacob navia <jacob@spamsink.net> - 2011-08-31 01:29 +0200
Re: Security problem GangGreene <GangGreene@invalid.com> - 2011-08-30 19:47 -0400
Re: Security problem jacob navia <jacob@spamsink.net> - 2011-08-31 02:20 +0200
Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-09-02 16:19 +0200
Re: Security problem Noob <root@127.0.0.1> - 2011-12-01 11:24 +0100
Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-01 13:11 +0100
Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-01 13:34 +0000
Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-01 16:19 +0100
Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-01 17:10 +0000
Re: Security problem David Brown <david.brown@removethis.hesbynett.no> - 2011-12-01 23:17 +0100
Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-01 22:34 +0000
Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-02 10:25 +0100
Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-12-02 10:37 +0000
Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-02 14:44 +0000
Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-02 17:11 +0100
Re: Security problem André Gillibert <MetaEntropy.removeThis@gmail.com> - 2011-12-03 11:45 +0100
Re: Security problem Noob <root@127.0.0.1> - 2011-12-05 13:26 +0100
Re: Security problem Carlos Moreno <moreno_news@mailinator.com> - 2011-09-01 11:47 -0400
Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-01 17:01 +0100
Re: Security problem Carlos Moreno <moreno_news@mailinator.com> - 2011-09-01 15:48 -0400
Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-01 22:44 +0100
Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-02 14:27 +0100
Re: Security problem Jasen Betts <jasen@xnet.co.nz> - 2011-09-02 11:06 +0000
Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-02 13:49 +0100
Re: Security problem Carlos Moreno <moreno_news@mailinator.com> - 2011-09-02 13:58 -0400
Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-02 19:31 +0100
Re: Security problem "Ersek, Laszlo" <lacos@caesar.elte.hu> - 2011-09-01 21:01 +0200
csiph-web