Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Oliver Schmidt
Hi, today when I was checking the server log I got many external attempts to connect to my sshd service: ... Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb from x.y.w.z Jun 5 05:09:48 embedded sshd[4744]:

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Richard Broersma Jr
Try use Denyhosts ... no problem with bruteforce attacks anymore. Denyhosts add the IP of the attacker to the /etc/hosts.deny file. Install it with: ACCEPT_KEYWORDS=~x86 emerge denyhosts and add to your /etc/crontab */10 * * * * root python /usr/bin/denyhosts -c /etc/denyhosts.conf Use it

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Etaoin Shrdlu
On Monday 5 June 2006 17:06, Leandro Melo de Sales wrote: Hi, today when I was checking the server log I got many external attempts to connect to my sshd service: ... Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z Jun 5 05:09:46 embedded sshd[4742]: Invalid user

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Uwe Thiem
On 05 June 2006 16:06, Leandro Melo de Sales wrote: Hi, today when I was checking the server log I got many external attempts to connect to my sshd service: ... Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Willie Wong
On Mon, Jun 05, 2006 at 05:27:24PM +0200, Oliver Schmidt wrote: this seems to be a brute force attack, but one thing that worried me is why sshd didn't disconnect the remote host after 3 unsuccessful attemps? If we see in the log, there are many attemps with time interval between attemps

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Joseph
Try port knocking. It is very effective. Your ssh port will be closed until you successfully hit certain number of ports and even though the ssh port will be open only to the IP address that successfully opened the port all others will see ssh port as closed. -- #Joseph On Mon, 2006-06-05 at

RE: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread CR Little
Do Programs like denyhosts work with other protocols? Such as POP or FTP? -Original Message- From: Joseph [mailto:[EMAIL PROTECTED] Sent: Monday, June 05, 2006 11:32 AM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] SSH authentication attempts - serious issue Try port

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Leandro Melo de Sales
Yes, but how can I do it? 2006/6/5, Joseph [EMAIL PROTECTED]: Try port knocking. It is very effective. Your ssh port will be closed until you successfully hit certain number of ports and even though the ssh port will be open only to the IP address that successfully opened the port all others

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Leandro Melo de Sales
2006/6/5, Leandro Melo de Sales [EMAIL PROTECTED]: Yes, but how can I do it? 2006/6/5, Joseph [EMAIL PROTECTED]: Try port knocking. It is very effective. Your ssh port will be closed until you successfully hit certain number of ports and even though the ssh port will be open only to the IP

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Leandro Melo de Sales
How can I recompiler openssh to support tcpwrapper? I can't find /etc/hosts.allow neither /etc/hosts.deny. Is there something missing? Is there a way to put tcpwrapper as a turned on option for all programs that supports it? Specifically for openssh I edit /etc/portage/package.use file and put:

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Justin R Findlay
On Mon, Jun 05, 2006 at 02:15:34PM -0300, Leandro Melo de Sales wrote: How can I recompiler openssh to support tcpwrapper? I can't find /etc/hosts.allow neither /etc/hosts.deny. Is there something missing? Is there a way to put tcpwrapper as a turned on option for all programs that supports

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Steven Susbauer
On Mon, 5 Jun 2006, Oliver Schmidt wrote: Hi, today when I was checking the server log I got many external attempts to connect to my sshd service: ... Jun 5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z Jun 5 05:09:46 embedded sshd[4742]: Invalid user barb

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Joseph
Yes, Petr is right. On my system I have port knocking running on a firewall FreeSCO. Freesco has a port-knocking module that you load. That is the best setup. -- #Joseph this should help you : http://gentoo-wiki.com/HOWTO_Port_Knocking Works well Petr -- gentoo-user@gentoo.org mailing

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Jeremy Olexa
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leandro Melo de Sales wrote: How can I recompiler openssh to support tcpwrapper? I can't find /etc/hosts.allow neither /etc/hosts.deny. Is there something missing? Is there a way to put tcpwrapper as a turned on option for all programs that

Re: [gentoo-user] SSH authentication attempts - serious issue

2006-06-05 Thread Leandro Melo de Sales
2006/6/5, Jeremy Olexa [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leandro Melo de Sales wrote: How can I recompiler openssh to support tcpwrapper? I can't find /etc/hosts.allow neither /etc/hosts.deny. Is there something missing? Is there a way to put tcpwrapper as a