At 04:37 PM 8/21/2008, Brooks Davis wrote:
On Thu, Aug 21, 2008 at 10:10:42PM +0200, Rink Springer wrote:
> On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote:
> > Finally, consider moving to pf instead, if you really feel ipfw is
> > what's causing your machine to crash. You might
At 12:38 PM 8/21/2008, Mikhail Teterin wrote:
Hello!
A machine I manage remotely for a friend comes under a distributed ssh
break-in attack every once in a while. Annoyed (and alarmed) by the
messages like:
Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180
Aug 12 10
On Thu, 21 Aug 2008 16:28:05 -0400
Mikhail Teterin <[EMAIL PROTECTED]> wrote:
> Myself -- and the owner of the box -- travel quite a bit, ssh-ing "home"
> from anywhere in the world.
why not setup a SSL-based vpn ? lock everything down except the port of the
vpn. try openvpn.
> Although we co
On Thu, 21 Aug 2008 13:03:09 -0700
Jeremy Chadwick <[EMAIL PROTECTED]> wrote:
> A different approach: consider putting sshd on a different port, rather
> than the default of 22. A lot of people I know do this, solely to
> decrease the number of brute-force attempts you see above; I've never
> see
There are many excellent suggestions on how to deal with invalid/unauthorised
access attempts via ssh. I'd used sshguard for around 8 months but recently
changed to bruteblock, both are in the ports/security. sshguard was very easy
to configure, via rc.conf arguments. Bruteblock handled the
On Thu, 21 Aug 2008, Mikhail Teterin wrote:
Surely you don't have that many users who SSH into the NAT router from
random public IPs all over the world, rather than via the LAN? Surely
if you yourself often SSH into your NAT router from a Blackberry device,
that you wouldn't have much of a pr
Ross Wheeler wrote:
I overcame these conflicting requirements with a 2-step process. The
"authorised" user first browsed to a website which asked their
username and password. When entered correctly, it opened a hole in the
firewall to allow that IP to their network. A timer ran every 15
I do something related to this with fwlogwatch although it can probably
be adapted to any similar tool; when I hit the 'block' threshold, I
execute something like:
#!/bin/sh
HR=`date "+%-k"`
/sbin/ipfw table 0 add $3 ${HR}
.. so each entry has a tag indicating the hour at which the block was
init
Kevin Oberman wrote:
Date: Thu, 21 Aug 2008 13:38:38 -0400
From: Mikhail Teterin <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Hello!
A machine I manage remotely for a friend comes under a distributed ssh
break-in attack every once in a while. Annoyed (and alarmed) by the
messages like:
Aug
On Thu, Aug 21, 2008 at 10:10:42PM +0200, Rink Springer wrote:
> On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote:
> > Finally, consider moving to pf instead, if you really feel ipfw is
> > what's causing your machine to crash. You might be pleasantly surprised
> > by the syntax, an
Jeremy Chadwick wrote:
The above looks like sshguard.
Yes, several people have pointed this out. Thanks!
I've personally never trusted something that *automatically* adjusts firewall
rules based on data read from text logs or packets coming in off the
Internet. The risks involved are in
On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote:
> Finally, consider moving to pf instead, if you really feel ipfw is
> what's causing your machine to crash. You might be pleasantly surprised
> by the syntax, and overall administrative usability (it is significantly
> superior to i
Mikhail Teterin writes:
Hello!
A machine I manage remotely for a friend comes under a distributed ssh
break-in attack every once in a while. Annoyed (and alarmed) by the
messages like:
Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180
Aug 12 10:21:18 symbion sshd[433
On Thu, Aug 21, 2008 at 01:38:38PM -0400, Mikhail Teterin wrote:
> Hello!
>
> A machine I manage remotely for a friend comes under a distributed ssh
> break-in attack every once in a while. Annoyed (and alarmed) by the
> messages like:
>
> Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv
I haven't explored this issue enough to speak with any authority - but
once upon a time I had an app doing tons of ipfw rule add/removes all
the time and we had no end of performance and stability problems on
that box (this would have been in 4.x or so timeline I expect). As
that approac
Mikhail Teterin <[EMAIL PROTECTED]> writes:
> A machine I manage remotely for a friend comes under a distributed ssh
> break-in attack every once in a while. Annoyed (and alarmed) by the
> messages like:
>
> Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180
> Aug 12 10:21
Neil Neely wrote:
I haven't explored this issue enough to speak with any authority - but
once upon a time I had an app doing tons of ipfw rule add/removes all
the time and we had no end of performance and stability problems on
that box (this would have been in 4.x or so timeline I expect)
David Wolfskill wrote:
While the amount of work involved was assuredly greater in that case
than in yours, those of us who were actually building and running the
relays in question were very unsurprised when Postfix performance
improved significantly following a redesign of the applicatio
> Date: Thu, 21 Aug 2008 13:38:38 -0400
> From: Mikhail Teterin <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
> Hello!
>
> A machine I manage remotely for a friend comes under a distributed ssh
> break-in attack every once in a while. Annoyed (and alarmed) by the
> messages like:
>
> Aug 1
On Thu, Aug 21, 2008 at 01:38:38PM -0400, Mikhail Teterin wrote:
> ...
> I wrote an awk-script, which adds a block of the attacking IP-address to
> the ipfw-rules after three such "invalid user" attempts with:
>
>ipfw add 550 deny ip from ip
>
> The script is fed by syslogd directly -- throu