Hi,
today when I was checking the server log I got many external
attempts to connect to my sshd service:
...
Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z
Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb from x.y.w.z
Jun 5 05:09:48 embedded sshd[4744]:
Try use Denyhosts ... no problem with bruteforce attacks anymore. Denyhosts
add the IP of the attacker to the /etc/hosts.deny file.
Install it with:
ACCEPT_KEYWORDS=~x86 emerge denyhosts
and add to your /etc/crontab
*/10 * * * * root python /usr/bin/denyhosts -c /etc/denyhosts.conf
Use it
On Monday 5 June 2006 17:06, Leandro Melo de Sales wrote:
Hi,
today when I was checking the server log I got many external
attempts to connect to my sshd service:
...
Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z
Jun 5 05:09:46 embedded sshd[4742]: Invalid user
On 05 June 2006 16:06, Leandro Melo de Sales wrote:
Hi,
today when I was checking the server log I got many external
attempts to connect to my sshd service:
...
Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z
Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb
On Mon, Jun 05, 2006 at 05:27:24PM +0200, Oliver Schmidt wrote:
this seems to be a brute force attack, but one thing that worried me
is why sshd didn't disconnect the remote host after 3 unsuccessful
attemps? If we see in the log, there are many attemps with time
interval between attemps
Try port knocking. It is very effective.
Your ssh port will be closed until you successfully hit certain number
of ports and even though the ssh port will be open only to the IP
address that successfully opened the port all others will see ssh port
as closed.
--
#Joseph
On Mon, 2006-06-05 at
Do Programs like denyhosts work with other protocols? Such as POP or
FTP?
-Original Message-
From: Joseph [mailto:[EMAIL PROTECTED]
Sent: Monday, June 05, 2006 11:32 AM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] SSH authentication attempts - serious issue
Try port
Yes, but how can I do it?
2006/6/5, Joseph [EMAIL PROTECTED]:
Try port knocking. It is very effective.
Your ssh port will be closed until you successfully hit certain number
of ports and even though the ssh port will be open only to the IP
address that successfully opened the port all others
2006/6/5, Leandro Melo de Sales [EMAIL PROTECTED]:
Yes, but how can I do it?
2006/6/5, Joseph [EMAIL PROTECTED]:
Try port knocking. It is very effective.
Your ssh port will be closed until you successfully hit certain number
of ports and even though the ssh port will be open only to the IP
How can I recompiler openssh to support tcpwrapper? I can't find
/etc/hosts.allow neither /etc/hosts.deny. Is there something missing?
Is there a way to put tcpwrapper as a turned on option for all
programs that supports it?
Specifically for openssh I edit /etc/portage/package.use file and put:
On Mon, Jun 05, 2006 at 02:15:34PM -0300, Leandro Melo de Sales wrote:
How can I recompiler openssh to support tcpwrapper? I can't find
/etc/hosts.allow neither /etc/hosts.deny. Is there something missing?
Is there a way to put tcpwrapper as a turned on option for all
programs that supports
On Mon, 5 Jun 2006, Oliver Schmidt wrote:
Hi,
today when I was checking the server log I got many external
attempts to connect to my sshd service:
...
Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z
Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb
Yes, Petr is right.
On my system I have port knocking running on a firewall FreeSCO.
Freesco has a port-knocking module that you load.
That is the best setup.
--
#Joseph
this should help you : http://gentoo-wiki.com/HOWTO_Port_Knocking
Works well
Petr
--
gentoo-user@gentoo.org mailing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Leandro Melo de Sales wrote:
How can I recompiler openssh to support tcpwrapper? I can't find
/etc/hosts.allow neither /etc/hosts.deny. Is there something missing?
Is there a way to put tcpwrapper as a turned on option for all
programs that
2006/6/5, Jeremy Olexa [EMAIL PROTECTED]:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Leandro Melo de Sales wrote:
How can I recompiler openssh to support tcpwrapper? I can't find
/etc/hosts.allow neither /etc/hosts.deny. Is there something missing?
Is there a way to put tcpwrapper as a
15 matches
Mail list logo