On Fri, 11 Feb 2005, Michael Thompson wrote:
Try this
Good idea (not) - someone could spoof your IP and lock you out of your own
machine...
--
--
gentoo-user@gentoo.org mailing list
On Fri, 11 Feb 2005, Matt Garman wrote:
Another idea, and I've only read about this (no actual experience),
but may be worth looking into: port knocking. The basic concept
is that you would keep your ssh port closed *all* the time. You
need a secret knock to open the port. The knocking
Quoting A. Khattri [EMAIL PROTECTED]:
On Fri, 11 Feb 2005, Michael Thompson wrote:
Try this
Good idea (not) - someone could spoof your IP and lock you out of your own
machine...
You could put an exception in the script for that IP, or the interface, i.e.
your local network interface is not blocked,
Walter Dnes wrote:
| On Thu, Feb 10, 2005 at 10:27:13PM -0500, R'twick Niceorgaw wrote
|
|
|In that case, if I'm ever on the road / at a friend's house, I will not
|be able to access my box. If I knew all the addresses that I'll be
|connecting from, then
On Thu, Feb 10, 2005 at 10:27:13PM -0500, R'twick Niceorgaw wrote
In that case, if I'm ever on the road / at a friend's house, I will not
be able to access my box. If I knew all the addresses that I'll be
connecting from, then it would have been the best thing.
Can you carry around your ssh
Quoting Walter Dnes [EMAIL PROTECTED]:
On Thu, Feb 10, 2005 at 10:27:13PM -0500, R'twick Niceorgaw wrote
In that case, if I'm ever on the road / at a friend's house, I will not
be able to access my box. If I knew all the addresses that I'll be
connecting from, then it would have been the
You could sign in for a free shell account (www.rootshell.be), and allow
access from their IP/network only - when you are away you can hop via the
free account to your machine, adjust firewall and carry on. Shell providers
won't allow scanners running on their machines :)
--
R'twick Niceorgaw wrote:
Hi all,
Recently I'm receiving a lot of failed ssh login attempts on my box for
user root as well as a whole lot of other users which don't even
exist. I'm getting tired of blocking these IPs manually every day.
Is there any software that can look in the logs and put
Hi Heinz,
On Fri, February 11, 2005 12:59 am, Heinz Sporn said:
Just out of curiosity - have you ever thought of allowing ssh only over
a VPN? Like say OpenVPN?
No, I haven't played with that idea yet as I haven't yet played with VPN
stuff. Will take a shot at it this weekend.
Thanks
Thanks Stoian
I never even thought of this. Will definitely try it. Seems the easiest
way. Will also try to implement openvpn as pointed by Heinz.
-R'twick
On Fri, February 11, 2005 3:59 am, Stoian Ivanov said:
You could sign in for a free shell account (www.rootshell.be), and allow
access
The original poster was requesting a way to automatically block
suspicious IPs. Lots of good responses.
Another idea, and I've only read about this (no actual experience),
but may be worth looking into: port knocking. The basic concept
is that you would keep your ssh port closed *all* the
Hi all,
Recently I'm receiving a lot of failed ssh login attempts on my box for
user root as well as a whole lot of other users which don't even
exist. I'm getting tired of blocking these IPs manually every day.
Is there any software that can look in the logs and put these IPs in
iptables to drop
R'twick Niceorgaw wrote:
Hi all,
Recently I'm receiving a lot of failed ssh login attempts on my box for
user root as well as a whole lot of other users which don't even
exist. I'm getting tired of blocking these IPs manually every day.
Is there any software that can look in the logs and put
R'twick Niceorgaw wrote:
Hi all,
Recently I'm receiving a lot of failed ssh login attempts on my box for
user root as well as a whole lot of other users which don't even
exist. I'm getting tired of blocking these IPs manually every day.
Is there any software that can look in the logs and put
Hi Michael,
Thanks a lot for the quick response and seems this is pretty much what I
really needed. However, just a minor problem and I'm not that strong in
sed to fix it.
In the /scripts/bad-ips file, I get entries like
222.98.152.130 port 60800 ssh2
222.98.152.130 port 60830 ssh2
222.98.152.130
Hi Michael,
On Fri, 2005-02-11 at 03:02 +, Michael Thompson wrote:
Sorry, should have looked before posting!
I don't block any more, no point. The IPs change so frequently, I have
never seen the same IP in any multiple attempts.
Yeah they change but they continue till I block them
R'twick Niceorgaw wrote:
Hi Michael,
Thanks a lot for the quick response and seems this is pretty much what I
really needed. However, just a minor problem and I'm not that strong in
sed to fix it.
In the /scripts/bad-ips file, I get entries like
222.98.152.130 port 60800 ssh2
222.98.152.130 port
R'twick Niceorgaw wrote:
| Hi all,
| Recently I'm receiving a lot of failed ssh login attempts on my box for
| user root as well as a whole lot of other users which don't even
| exist. I'm getting tired of blocking these IPs manually every day.
| Is
On Fri, 2005-02-11 at 03:16 +, Michael Thompson wrote:
R'twick Niceorgaw wrote:
Can you post a line from your log so I can see what it looks like. That
code works fine on syslog-ng and the latest SSHD. Make sure that you
change your IP address in what you post.
Feb 9 10:35:36
Mike Noble wrote:
| -R'twick
Your firewall should block all incoming ssh and only allow ssh from
addresses that you allow. This way you do not have to keep a list of
all the bad addresses, just a list of all the good ones.
Mike
Good point, why did I not think of that! ;)
Hi Mike,
On Thu, 2005-02-10 at 19:22 -0800, Mike Noble wrote:
R'twick Niceorgaw wrote:
| Hi all,
| Recently I'm receiving a lot of failed ssh login attempts on my box for
| user root as well as a whole lot of other users which don't even
|
R'twick Niceorgaw wrote:
On Fri, 2005-02-11 at 03:16 +, Michael Thompson wrote:
R'twick Niceorgaw wrote:
Can you post a line from your log so I can see what it looks like. That
code works fine on syslog-ng and the latest SSHD. Make sure that you
change your IP address in what you post.
Michael,
On Fri, 2005-02-11 at 03:35 +, Michael Thompson wrote:
Try running this on your log by hand and see what you get back, if it
works OK, just modify it to fit in to the script.
grep "Failed password for illegal user" /var/log/messages | sed -e 's/.*user [^\ ]\+ from //' -e 's/
Just out of curiosity - have you ever thought of allowing ssh only over
a VPN? Like say OpenVPN?
On Thursday, 10.02.2005, at 21:50 -0500, R'twick Niceorgaw wrote:
Hi all,
Recently I'm receiving a lot of failed ssh login attempts on my box for
user root as well as a whole lot of other