Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
Wednesday 20 December 2006 08:23, Charles philip Chan wrote:
> On 19 Dec 2006, [EMAIL PROTECTED] wrote:
> > Is there anything to accomplish this for SuSE?
>
> I use Snort in conjunction with blockit.pl.
>
> Charles

denyhosts.sourceforge.net

--
Best regards
Verner Kjærsgaard

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
Patrick Shanahan wrote:
> * J Sloan <[EMAIL PROTECTED]> [12-19-06 21:06]:
>> hmm, I always limit the allowed IPs in hosts.{deny.allow} and also
>> limit the list of users who can login via ssh in sshd_config - saves
>> a lot of overhead if we just close the door, rather than trying to
>> dance with these folks...
>
> Yes, best practice but not practical if you run a server for public
> access. Or is there a way to *only* block ssh access and allow http?

By IP-address with hosts.deny/allow? Sure. See "man 5 hosts_access".

/Per Jessen, Zürich

--
http://www.spamchek.com/ - managed email security.
Starting at SFr4/user/month.

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
On 19 Dec 2006, [EMAIL PROTECTED] wrote:
> Yes, best practice but not practical if you run a server for public
> access. Or is there a way to *only* block ssh access and allow http?

Yes, use Snort, and tweak the rules to your liking. You can block access by using Flex-response (built into Snort) or something like blockit.pl.

Charles

--
panic("Yeee, unsupported cache architecture.");
    linux-2.6.6/arch/mips/mm/cache.c

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
On 19 Dec 2006, [EMAIL PROTECTED] wrote:
> Is there anything to accomplish this for SuSE?

I use Snort in conjunction with blockit.pl.

Charles

--
"Are [Linux users] lemmings collectively jumping off of the cliff of
reliable, well-engineered commercial software?"
(By Matt Welsh)

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
[EMAIL PROTECTED] wrote:
>
> I get gobs of messages like this in /var/log/messages:
>
> Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14
> Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14
> Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14
> Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14
> Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14
> Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14
> Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14
> Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14
>
> ... on an older machine, I use fail2ban to look for this kind of
> harassment and block the IP for some amount of time.
>
> Is there anything to accomplish this for SuSE?

http://lists.suse.com/archive/suse-security/2005-Dec/0069.html

This works really well.

/Per Jessen, Zürich

--
http://www.spamchek.com/ - managed email security.
Starting at SFr4/user/month.

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
> I get gobs of messages like this in /var/log/messages:
>
> Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14
> Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14
> Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14
> Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14
> Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14
> Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14
> Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14
> Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14
>
> ... on an older machine, I use fail2ban to look for this kind of
> harassment and block the IP for some amount of time.
>
> Is there anything to accomplish this for SuSE?
>
> I'm running SuSE 10.1.

We have run our ssh server on an alternate port and have not had one unauthorized attempt in over 15 months.

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
* J Sloan <[EMAIL PROTECTED]> [12-19-06 21:06]:
> hmm, I always limit the allowed IPs in hosts.{deny.allow} and also
> limit the list of users who can login via ssh in sshd_config - saves
> a lot of overhead if we just close the door, rather than trying to
> dance with these folks...

Yes, best practice but not practical if you run a server for public access. Or is there a way to *only* block ssh access and allow http?

--
Patrick Shanahan    Registered Linux User #207535
http://wahoo.no-ip.org    @ http://counter.li.org
HOG # US1244711    Photo Album: http://wahoo.no-ip.org/gallery2
OpenSUSE Linux    http://en.opensuse.org/

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
[EMAIL PROTECTED] wrote:
> I get gobs of messages like this in /var/log/messages:
>
> Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14
> Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14
> Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14
> Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14
> Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14
> Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14
> Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14
> Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14
>
> ... on an older machine, I use fail2ban to look for this kind of
> harassment and block the IP for some amount of time.
>
> Is there anything to accomplish this for SuSE?
>
> I'm running SuSE 10.1.

hmm, I always limit the allowed IPs in hosts.{deny.allow} and also limit the list of users who can login via ssh in sshd_config - saves a lot of overhead if we just close the door, rather than trying to dance with these folks...

Joe

Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [12-19-06 18:19]:
> Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14
>
> ... on an older machine, I use fail2ban to look for this kind of
> harassment and block the IP for some amount of time.
>
> Is there anything to accomplish this for SuSE?
>
> I'm running SuSE 10.1.

me 2

I use DenyHosts, http://www.denyhosts.net but there is no openSUSE rpm for installing. I used the python installer provided with the tar-ball.

--
Patrick Shanahan    Registered Linux User #207535
http://wahoo.no-ip.org    @ http://counter.li.org
HOG # US1244711    Photo Album: http://wahoo.no-ip.org/gallery2
OpenSUSE Linux    http://en.opensuse.org/

[opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
I get gobs of messages like this in /var/log/messages:

Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14
Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14
Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14
Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14
Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14
Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14
Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14
Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14

... on an older machine, I use fail2ban to look for this kind of harassment and block the IP for some amount of time.

Is there anything to accomplish this for SuSE?

I'm running SuSE 10.1.

Thanks!
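
The log-watching approach the thread attributes to fail2ban and DenyHosts, sketched as an added example (not part of any poster's message and not code from either tool): it counts "Invalid user" lines per source address in a sliding window and renders hosts.deny rules for sshd only. The function names, the threshold of 5 attempts in 10 minutes, and the 192.0.2.10 line are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at both ends: a crafted username such as "x from 198.51.100.7"
# cannot make the pattern capture an address other than the real peer.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user \S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def find_offenders(lines, year, max_retry=5, find_time=timedelta(minutes=10)):
    """Map each source IP to the time it reached max_retry invalid-user
    attempts within a sliding find_time window (threshold values assumed)."""
    recent = defaultdict(deque)  # ip -> attempt times still inside the window
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in banned:
            continue
        # Classic syslog timestamps carry no year; the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

def hosts_deny_entries(banned):
    """Render offenders as hosts_access(5) rules that deny only sshd."""
    return [f"sshd: {ip}" for ip in sorted(banned)]

# Log lines from the original post, plus one constructed line (192.0.2.10).
SAMPLE = """\
Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14
Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14
Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14
Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14
Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14
Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14
Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14
Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14
Dec 19 14:28:50 shoehorn sshd[11110]: Invalid user alice from 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(find_offenders(SAMPLE, year=2006))))
```

The rendered rules only take effect where sshd honours hosts.deny, that is, where it is built with TCP wrappers support; a single mistyped login such as the 192.0.2.10 line stays below the threshold and is not listed.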