Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.development.apps > #261

Re: Security problem

Path csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder1.enfer-du-nord.net!feeder.news-service.com!border3.nntp.ams.giganews.com!Xl.tags.giganews.com!border1.nntp.ams.giganews.com!nntp.giganews.com!local2.nntp.ams.giganews.com!nntp.lyse.net!news.lyse.net.POSTED!not-for-mail
NNTP-Posting-Date Fri, 02 Sep 2011 09:21:37 -0500
Date Fri, 02 Sep 2011 16:19:48 +0200
From David Brown <david@westcontrol.removethisbit.com>
User-Agent Mozilla/5.0 (Windows NT 5.1; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version 1.0
Newsgroups comp.os.linux.development.apps
Subject Re: Security problem
References <j3jrp5$534$1@speranza.aioe.org> <cd90j8-mnq.ln1@crazy-horse.bildanet.com>
In-Reply-To <cd90j8-mnq.ln1@crazy-horse.bildanet.com>
Content-Type text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding 7bit
Message-ID <5LadnfB9uvXse_3TnZ2dnUVZ7oGdnZ2d@lyse.net> (permalink)
Lines 29
X-Usenet-Provider http://www.giganews.com
X-AuthenticatedUsername NoAuthUser
X-Trace sv3-3a9z4xAI+UOwR9dUa60/P8oYLDE72Fqw9Z/TOYAONx2CG/39BQoyXB/iOrDnoiYjq1V1fGuecM4o/8T!nK4Pa6u964oFlUJkVXJy7w9DgzPxAG5cLbd8EqimE5ZNv04hrP4eIcYDC8NJhgCLCWEz1dtKAVaW!WrOq
X-Complaints-To abuse@altibox.no
X-Abuse-and-DMCA-Info Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info Otherwise we will be unable to process your complaint properly
X-Postfilter 1.3.40
X-Original-Bytes 2237
Xref x330-a1.tempe.blueboxinc.net comp.os.linux.development.apps:261

Show key headers only | View raw

On 31/08/2011 01:47, GangGreene wrote:
> jacob navia wrote:
>
>> I have several computers that try to enter my machine via
>> ssh. My log files are swamped by this people trying all
>> possible user names several times a second.
>>
>> Is there a way to tell the ssh daemon to stop accepting more than 1
>> request each minute after it fails (say) 3 times?
>>
>> Something like the "login" behavior?
>>
>> Thanks in advance for any help
>
>
> http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables
>
> http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-
> ssh-brute-force-attacks.html
>
>

Am I right in thinking that the "recent" limiting applies limits to a 
particular source IP, while "-m limit" (which I have used often) applies 
the limit to all incoming traffic that hits the rule?

The easiest and most effective step to limiting dictionary attacks is 
simply to use a non-standard port.  Put your sshd on port 222 instead of 
22, and no attacker will ever find it.

Back to comp.os.linux.development.apps | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Security problem jacob navia <jacob@spamsink.net> - 2011-08-31 01:29 +0200
  Re: Security problem GangGreene <GangGreene@invalid.com> - 2011-08-30 19:47 -0400
    Re: Security problem jacob navia <jacob@spamsink.net> - 2011-08-31 02:20 +0200
    Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-09-02 16:19 +0200
      Re: Security problem Noob <root@127.0.0.1> - 2011-12-01 11:24 +0100
        Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-01 13:11 +0100
          Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-01 13:34 +0000
            Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-01 16:19 +0100
              Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-01 17:10 +0000
                Re: Security problem David Brown <david.brown@removethis.hesbynett.no> - 2011-12-01 23:17 +0100
                Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-01 22:34 +0000
                Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-02 10:25 +0100
                Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-12-02 10:37 +0000
                Re: Security problem Rainer Weikusat <rweikusat@mssgmbh.com> - 2011-12-02 14:44 +0000
                Re: Security problem David Brown <david@westcontrol.removethisbit.com> - 2011-12-02 17:11 +0100
                Re: Security problem André Gillibert <MetaEntropy.removeThis@gmail.com> - 2011-12-03 11:45 +0100
                Re: Security problem Noob <root@127.0.0.1> - 2011-12-05 13:26 +0100
  Re: Security problem Carlos Moreno <moreno_news@mailinator.com> - 2011-09-01 11:47 -0400
    Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-01 17:01 +0100
      Re: Security problem Carlos Moreno <moreno_news@mailinator.com> - 2011-09-01 15:48 -0400
        Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-01 22:44 +0100
          Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-02 14:27 +0100
      Re: Security problem Jasen Betts <jasen@xnet.co.nz> - 2011-09-02 11:06 +0000
        Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-02 13:49 +0100
          Re: Security problem Carlos Moreno <moreno_news@mailinator.com> - 2011-09-02 13:58 -0400
            Re: Security problem Richard Kettlewell <rjk@greenend.org.uk> - 2011-09-02 19:31 +0100
  Re: Security problem "Ersek, Laszlo" <lacos@caesar.elte.hu> - 2011-09-01 21:01 +0200

csiph-web