A possible improvement: http://www.soloport.com/iptables.html
Quoting Steve Suehring <[EMAIL PROTECTED]>: > > Could it be this? > > http://lists.sans.org/pipermail/intrusions/2004-August/008357.html > > You didn't specify which usernames were being used, so it's tough to > tell if that's the same. > > A couple of simple and quick things that I might do if this was a > concern: > > -Setup an iptables firewall on the boxen running SSH and only allow > certain hosts to get to port 22. Alternately, you might consider > denying access through tcpwrappers, though I much prefer the iptables > method. > > -Make sure that PermitRootLogin is set to no in your > /etc/ssh/sshd_config. Some might argue the necessity or effectiveness > of this measure but it is another step you can take to help defend the > computer. > > I'm sure others have appropriate suggestions as well. > > Steve > > > On Sat, Jan 29, 2005 at 03:05:35PM +0000, michael wrote: > > On debian-user it was suggested I also post this here, thanks, Michael > > From: michael <[EMAIL PROTECTED]> > > To: debian user <debian-user@lists.debian.org> > > Subject: security > > Date: Fri, 28 Jan 2005 09:46:31 +0000 > > I notice that frequently many machines around here get attacked by a > > potential hacker (a prog I guess) trying lots of usernames to get in to > > all the machines, using the same set of usernames at the same time. Have > > people seen this on their machines? I'm guessing it's a virus/worm on a > > Windows box doing this but does anybody know more? > > > > I've followed & done most of the suggestions listed in chpts 4 & 5 of > > "Securing Debian" HowTo/Manual although I will admit to not following > > and therefore not having got around to firewalling. Other suggestions > > most welcome. > > > > Thanks > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]