Blacklist & Whitelist IPs from server?
Rick Wagner
wagnerric at condor.cxo.cpqcorp.net
Wed Aug 3 23:34:12 UTC 2005
On Wednesday 03 August 2005 6:22 am, Lonnie wrote:
> Greetings All,
>
> I have a Fedora 3 server up and running and I have noticed various IPs
> in my logs trying to hack SSH, APACHE, or email for example and even
> though I am running the built-in firewall through the "setup" program, I
> would like to know if there is some additional application that I can
> add that I can blacklist, and whitelist IPs from connecting to my server
> at all?
>
> I am sure that there is something out there, but not sure what you might
> recommend?
>
As recommended in another reply, you need to evaluate whether you need ssh
open through the firewall. If so, what are your needs? Is it for your
personal convenience, or a public service? If it is for your personal
convenience (I use it to login to home from work), whitelist only the IPs
of those systems you use (using iptables), and silently drop the rest. There
is always someone new running a port scanner, and you will spend half your
life maintaining a blacklist. BTW, port scanners are smart enough to detect
simply changing the SSH port number, so don't rely on that.

If you will only use a few known systems, disable username/password login in
sshd_config ("PasswordAuthentication no"), and only allow key login. This
will block username guessing. You will then need to put the public keys from
your remote systems onto your target system. Also, disable root login, again
in sshd_config ("PermitRootLogin no").

Hope this helps.
--rick
> Thanks all,
> Lonnie
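The two steps in Rick's reply as a script, added here as an example and not part of the original thread: it prints the iptables whitelist rules (to review, then run as root) and applies the sshd_config directives to a copy of the file. It also turns off ChallengeResponseAuthentication, which the reply does not mention; with PAM enabled, leaving it on can still produce a password prompt even when PasswordAuthentication is no. The whitelist addresses and the sample sshd_config are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints iptables rules that accept SSH
# only from a whitelist and silently DROP the rest, and hardens a copy of sshd_config.
# Directive and option names are real OpenSSH/iptables names; the sample config is constructed.

# Emit (not execute) one ACCEPT rule per whitelisted source, then a DROP for all
# other SSH traffic. Review the output, then run it as root on the server.
ssh_whitelist_rules() {
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    done
    # DROP rather than REJECT: scanners get no reply at all.
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Set one directive in a config file: rewrite any existing occurrence
# (commented or not) or append it if absent. Usage: set_sshd_directive FILE KEY VALUE
set_sshd_directive() {
    file=$1 key=$2 value=$3
    if grep -Eq "^[#[:space:]]*$key[[:space:]]" "$file"; then
        sed "s|^[#[:space:]]*$key[[:space:]].*|$key $value|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# Key-only login and no root login, as the reply suggests. ChallengeResponseAuthentication
# is also disabled because with PAM it can still prompt for a password.
harden_sshd_config() {
    set_sshd_directive "$1" PasswordAuthentication no
    set_sshd_directive "$1" ChallengeResponseAuthentication no
    set_sshd_directive "$1" PermitRootLogin no
}

# Report the effective value of a directive; like sshd, the first uncommented line wins.
sshd_directive_value() {
    awk -v k="$2" '$1 == k && !seen { print $2; seen = 1 }' "$1"
}

# Demo on a constructed sshd_config copy (never edits /etc/ssh/sshd_config directly).
demo_cfg=$(mktemp)
printf '#PermitRootLogin yes\nPasswordAuthentication yes\nPort 22\n' > "$demo_cfg"
harden_sshd_config "$demo_cfg"
ssh_whitelist_rules 192.0.2.10 198.51.100.0/24
cat "$demo_cfg"
rm -f "$demo_cfg"
```

Keep the ACCEPT rules ahead of any existing DROP/REJECT rule in INPUT (use -I instead of -A if the chain already ends in a catch-all), and make sure the whitelist contains the address you are currently connected from before applying it.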