[gentoo-user] netfilter tarpit target

2007-04-01 Thread Daniel Iliev
Hi, guys Recently I was looking through my logs when I got pissed off (again) by the big number of lines showing something like 'sshd: auth. error: unknown user "XXX" from "some IP address"'. I wrote a script which automatically sets all connections from those IP addresses to be dropped. Next I d

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread Dave Jones
Hi Daniel Daniel Iliev wrote on 01/04/07 15:03: > Recently I was looking through my logs when I got pissed off (again) by > the big number of lines showing something like 'sshd: auth. error: > unknown user "XXX" from "some IP address"'. I wrote a script which > automatically sets all connections

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread Daniel Iliev
Dave Jones wrote: > Hi Daniel > > >> My question: what is the best way to get this iptables module working w/o >> diverting too much from the official Gentoo installation. I mean the >> normal way is to use patch-o-matic to patch iptables source and vanilla >> kernel source, then build and install.

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread darren kirby
quoth the Daniel Iliev: > Next I decided to change "-j DROP" with "-j TARPIT" and I > realized that gentoo-sources doesn't provide the netfilter > target "TARPIT". - > Best regards, > Daniel I realize there is a sense of satisfaction from using the TARPIT target that is appealing, however you m

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread Mick
On Sunday 01 April 2007 14:03, Daniel Iliev wrote: > Hi, guys > > Recently I was looking through my logs when I got pissed off (again) by > the big number of lines showing something like 'sshd: auth. error: > unknown user "XXX" from "some IP address"'. I wrote a script which > automatically sets a

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread Dave Jones
Hi Mick, Mick wrote on 01/04/07 20:44: >> Recently I was looking through my logs when I got pissed off (again) by >> the big number of lines showing something like 'sshd: auth. error: >> unknown user "XXX" from "some IP address"'. I wrote a script which >> automatically sets all connections from

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread Dave Jones
Hi Daniel Daniel Iliev wrote on 01/04/07 19:10: >>> My question: what is the best way to get this iptables module working w/o >>> diverting too much from the official Gentoo installation. I mean the >>> normal way is to use patch-o-matic to patch iptables source and vanilla >>> kernel source, then bu

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread Daniel Iliev
First of all, thanks for your replies, guys! I'll try to answer all of you in one (longer) response: Dave Jones wrote: > > Daniel complained about the sshd messages, not iptables messages. > > I fully agree that he should implement pub/priv key authentication, but > even so, that will not preve

Re: [gentoo-user] netfilter tarpit target

2007-04-01 Thread Willie Wong
On Sun, Apr 01, 2007 at 11:49:06AM -0600, darren kirby wrote: > I realize there is a sense of satisfaction from using the TARPIT target that > is appealing, however you must consider: > > 1. These ssh bruteforce attacks are almost certainly coming from a zombie > botnet, and thus there is no hum

Re: [gentoo-user] netfilter tarpit target

2007-04-02 Thread Ryan Curtin
On Sun, Apr 01, 2007 at 04:03:48PM +0300, Daniel Iliev wrote: > Hi, guys > > Recently I was looking through my logs when I got pissed off (again) by > the big number of lines showing something like 'sshd: auth. error: > unknown user "XXX" from "some IP address"'. I wrote a script which > automati

Re: [gentoo-user] netfilter tarpit target

2007-04-02 Thread Daniel Iliev
Ryan Curtin wrote: > Instead of using iptables, you may want to try DenyHosts > (app-admin/denyhosts). It's a simple Python script that parses through > /var/log/secure (or whatever your sshd logs to) and finds IPs who have > failed authentication a certain number of times, then adds those IPs to

Re: [gentoo-user] netfilter tarpit target

2007-04-03 Thread Dave Jones
Hi Daniel Daniel Iliev wrote on 03/04/07 05:13: > test ~ # cd /usr/src > test src # rm -rf linu* > test src # emerge -C gentoo-sources ; emerge gentoo-sources > test src # svn co https://svn.netfilter.org/netfilter/trunk/iptables > test iptables # cd iptables > test iptables # svn update > At revi

Re: [gentoo-user] netfilter tarpit target

2007-04-03 Thread Dave Jones
Hi Daniel Daniel Iliev wrote on 03/04/07 05:13: > Unfortunately I had no luck. Clean kernel, the latest patch-o-matic, the > latest iptables and the same result. Obviously gentoo-sources is > incompatible with tar pit module. ;-( I just tried your update process and ended up with the same failure

Re: [gentoo-user] netfilter tarpit target

2007-04-04 Thread Daniel Iliev
Dave, I'm grateful for all your ideas and everything you did to help me and to confirm my results. I'm postponing this little experiment of mine until I have more free time. Thank you, guys, I appreciate your replies! -- Best regards, Daniel

Re: [gentoo-user] netfilter tarpit target

2007-04-04 Thread Neil Walker
Dave Jones wrote: > I just tried your update process and ended up with the same failure. > Seems you might be right about the gentoo-sources being incompatible > with the tarpit module. > > I installed the TARPIT and GEOIP modules using PoM just a few days ago on two servers. Both are using gent