Re: What to do about SSH brute force attempts?

2008-08-21 Thread Alexander Zangerl
On Thu, 21 Aug 2008 16:58:45 +0200, Michael Tautschnig writes: >> * use a Firewall to prevent other IP address to connect to your ssh >> service. restrict just to yours (iptables script can be easy to find on >> the web) >Well, I should have added that my hosts must be world-wide accessible using >

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Roger Bumgarner
On Thu, Aug 21, 2008 at 7:58 AM, Michael Tautschnig <[EMAIL PROTECTED]> wrote: >> Third use a non-standard ssh port (for example ) apt-get install fail2ban >> > I'm not a huge fan of security by obscurity, so I'd rather stick with 22 for > now. > "Security by obscurity" is a perfectly valid _FA

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Chris Davies
> Third use a non-standard ssh port (for example ) Michael Tautschnig <[EMAIL PROTECTED]> wrote: > I'm not a huge fan of security by obscurity, so I'd rather stick with 22 for > now. Try it before you dismiss it out of hand. Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subjec

FW: What to do about SSH brute force attempts?

2008-08-21 Thread Tammo Schuelke
If you have an existing userbase, you can't just switch to public key authentication, depending on the type of customer. pubkey auth is also generally inconvenient if people tend to use different computers. This is also a problem we just ran into. Fortunately, recent versions of OpenSSH support

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Brent Clark
Michael Tautschnig wrote: Hi all, since two days (approx.) I'm seeing an extremely high number of apparently coordinated (well, at least they are trying the same list of usernames) brute force attempts from IP addresses spread all over the world. I've got denyhosts and an additional iptables bas

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Andreas Moog
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Tautschnig wrote: >> Yes, but could I really expect police to act "just because of a >> bunch of hosts >> being under attack?" And even more so, could I expect any police of >> foreign countries to react? No, probably not right now. But as mo

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Micah Anderson
* Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 09:24-0400]: > > * Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 07:35-0400]: > > > Hi all, > > > > > > since two days (approx.) I'm seeing an extremely high number of apparently > > > coordinated (well, at least they are trying the same li

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Micah Anderson
* Jakov Sosic <[EMAIL PROTECTED]> [2008-08-21 09:11-0400]: > On Thursday 21 August 2008 16:57:27 Max Zimmermann wrote: > > > The problem with reporting the IPs is, that it can become a very big > > task, as the number of IPs denyhosts blocks increases. > > You can always write a script that will

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> * Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 07:35-0400]: > > Hi all, > > > > since two days (approx.) I'm seeing an extremely high number of apparently > > coordinated (well, at least they are trying the same list of usernames) > > brute > > force attempts from IP addresses spread all

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> Assuming that your system is secured as well as can be, and that your > question is not about how to fend off attacks but rather how to stop your > attackers from being able to continue, isn't this the kind of thing that the > police or other law enforcement agencies would normally investigate? >

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Micah Anderson
* Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 07:35-0400]: > Hi all, > > since two days (approx.) I'm seeing an extremely high number of apparently > coordinated (well, at least they are trying the same list of usernames) brute > force attempts from IP addresses spread all over the world. I

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Jakov Sosic
On Thursday 21 August 2008 16:57:27 Max Zimmermann wrote: > The problem with reporting the IPs is, that it can become a very big > task, as the number of IPs denyhosts blocks increases. You can always write a script that will send an email after every SSH brute-force attack to a mail address from

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Henrique de Moraes Holschuh
On Thu, 21 Aug 2008, Michael Tautschnig wrote: > > * use a Firewall to prevent other IP address to connect to your ssh > > service. restrict just to yours (iptables script can be easy to find on > > the web) > Well, I should have added that my hosts must be world-wide accessible using > password-ba

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Max Zimmermann
Max Zimmermann schrieb: > Michael Tautschnig schrieb: > >> Hi all, >> >> since two days (approx.) I'm seeing an extremely high number of apparently >> coordinated (well, at least they are trying the same list of usernames) brute >> force attempts from IP addresses spread all over the world. I've

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Max Zimmermann
Michael Tautschnig schrieb: > Hi all, > > since two days (approx.) I'm seeing an extremely high number of apparently > coordinated (well, at least they are trying the same list of usernames) brute > force attempts from IP addresses spread all over the world. I've got denyhosts > and an additional i

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> Hi, > > * use a Firewall to prevent other IP address to connect to your ssh > service. restrict just to yours (iptables script can be easy to find on > the web) Well, I should have added that my hosts must be world-wide accessible using password-based authentication, so this is no option. > * u

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Sam Kuper
Assuming that your system is secured as well as can be, and that your question is not about how to fend off attacks but rather how to stop your attackers from being able to continue, isn't this the kind of thing that the police or other law enforcement agencies would normally investigate? Sam

Re: What to do about SSH brute force attempts?

2008-08-21 Thread GREG
Hi, * use a Firewall to prevent other IP addresses from connecting to your ssh service. restrict just to yours (iptables script can be easy to find on the web) * use Fail2ban which can ban ssh auth failure and create iptables rules. (google can help your search about fail2ban) Third use a non-standard ss

Re: What to do about SSH brute force attempts?

2008-08-21 Thread John Keimel
On Thu, Aug 21, 2008 at 10:33 AM, Michael Tautschnig <[EMAIL PROTECTED]> wrote: > Hi all, > > since two days (approx.) I'm seeing an extremely high number of apparently > coordinated (well, at least they are trying the same list of usernames) brute > force attempts from IP addresses spread all over

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Andreas Moog
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Tautschnig wrote: > Nevertheless, I'd like to do something about it more proactively, so I also > contact the abuse mailboxes as obtained from whois. That's pretty much the only thing you can do about it. But one should not be too hopeful tha

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> On Thu, Aug 21, 2008 at 04:33:51PM +0200, Michael Tautschnig wrote: > > > Further, what do you guys do about such attacks? Just sit back and hope > > they don't get hold of any passwords? Any ideas are welcome... > > Port knocking is a useful technique I've employed several times on boxes > whe

What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
Hi all, since two days (approx.) I'm seeing an extremely high number of apparently coordinated (well, at least they are trying the same list of usernames) brute force attempts from IP addresses spread all over the world. I've got denyhosts and an additional iptables based firewall solution in plac