am I hacked?
Keith G. Robertson-Turner
fedora-gmane.00003 at genesis-x.nildram.co.uk
Mon Apr 23 21:39:35 UTC 2007
Verily I say unto thee, that Scott van Looy spake thusly:
> On Apr 22 Keith G. Robertson-Turner did spake thusly:
>
>> Verily I say unto thee, that Manuel Arostegui Ramirez spake thusly:
>>> El Domingo, 22 de Abril de 2007 02:50, Keith G. Robertson-Turner
>>> escribió:
>>
>>>> I have hundreds off ssh attacks every day. Just make sure you have a
>>>> *very* secure password (or don't forward ssh from the router).
>>>>
>>>> I also use "denyhosts" which I've found extremely useful (it's in
>>>> extras).
>>
>>> That plus some kind of app such as fail2ban to permit only like like
>>> 3 attemps
>>> of login
>>
>> Denyhosts already does that.
>>
>> I'll check out fail2ban though, it's always nice to have alternatives.
>
> iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
> recent --set
> iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
> recent --update --seconds 60 --hitcount 4 -j DROP
>
> This'll drop anything over 4 connections from an IP within 60 seconds -
> might also be of use for an SSH attack
Good tip.
However, denyhosts is primarily used for failed *logins* (no such user,
wrong password, etc.), rather than the above, which is really DDoS
protection.
My router already handles the DDoS stuff.
--
K.
http://slated.org
.----
| I found [Vista] to be a dangerously unstable operating system,
| which has caused me to lose data ... unfortunately this product
| is unfit for any user. - [H]ardOCP, <http://tinyurl.com/3bpfs2>
`----
Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.20-1.2312.fc5
22:38:21 up 6 days, 20:10, 2 users, load average: 0.46, 0.48, 0.34
More information about the users
mailing list