NOUSER

Vivek J. Patankar list307 at gmail.com
Tue Aug 7 21:20:30 UTC 2007


Rick Stevens wrote:
> I have iptables rules that only allow ssh tries from our networks or
> machines I know of.  To wit:
> 
> # Accept SSH from our networks...
> -A INPUT -s aaa.bbb.ccc.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -s ddd.eee.fff.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
> # Accept SSH from my machine at home...
> -A INPUT -s ggg.hhh.iii.jjj/32 -p tcp -m tcp --dport 22 -j ACCEPT
> (more rules...)
> 
> At the end, put in a blanket "don't allow SSH from anywhere else" rule:
> 
> # Block any ssh attempts from outside our network...
> -A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable

I have restricted access to specific IPs only using hosts.deny and 
hosts.allow. That does the job for me. And there is a dedicated firewall 
sitting between the server and the Web which allows only SSH connections 
to come through.


> If you must leave ssh open to the outside world, use a simple iptables
> ruleset to limit attempts:
*snip*
> If more than one ssh attempt is made in 180 seconds (three minutes)
> from a given IP address, this blocks that IP address for that duration.
> You get one try.  If you fail, you must wait 3 minutes before you can
> try again.
> 
> Note that even a successful login is counted.  If you log in and
> immediately log out, you still have to wait 3 minutes to get in again.
> 
> Change the "--hitcount 2" bits to "--hitcount 3" if you want to give
> yourself two tries to get in.  You can also change the "--seconds 180"
> to "--seconds 300" to make the delay 5 minutes.  The values I give above
> are enough to discourage most script kiddie attempts to get into your
> box.

This is an excellent idea! Thanks a lot.


My original concern, more of a curiosity really, was about the username 
NOUSER. I've been getting attempts for root ever since this server went 
live. But never for "NOUSER".

-- 
Regards,
विवेक ज. पाटणकर (Vivek J. Patankar)

Registered Linux User #374218
Fedora release 7 (Moonshine)
Linux 2.6.22.1-33.fc7 x86_64
My USB drives automount! :p
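As an added illustration (not part of this thread and not Rick's actual ruleset, which was snipped), the following Python model replays the `recent`-match throttle he describes against a constructed sequence of SSH connection attempts. It assumes the common two-rule idiom, `-m recent --set --name SSH` followed by `-m recent --update --seconds 180 --hitcount 2 --name SSH -j DROP`, both matching only new SYNs, and models the kernel's `xt_recent` behaviour: `--set` records a timestamp, `--update` matches when at least `hitcount` timestamps fall inside the last `seconds`, and a matching `--update` also records a fresh timestamp. The IP addresses and timings are constructed sample input.

```python
"""Model of the iptables `recent` match used to throttle new SSH connections.

Assumed ruleset (constructed example, not the thread's own rules):
    -A INPUT -p tcp --dport 22 --tcp-flags SYN,RST,ACK SYN \
        -m recent --set --name SSH
    -A INPUT -p tcp --dport 22 --tcp-flags SYN,RST,ACK SYN \
        -m recent --update --seconds 180 --hitcount 2 --name SSH -j DROP
Only new connections (SYN) are counted, so a successful login costs a
hit exactly like a failed one.
"""
from collections import defaultdict


class RecentSshLimiter:
    def __init__(self, seconds=180, hitcount=2, set_first=True):
        self.seconds = seconds
        self.hitcount = hitcount
        # Rule order matters: --set before --update (True) gives
        # hitcount-1 tries; --update before --set gives hitcount tries.
        self.set_first = set_first
        # The "--name SSH" table: source address -> list of timestamps.
        # (The real kernel table keeps at most ip_pkt_list_tot stamps per
        # address; hitcount may not exceed that, default 20.)
        self.stamps = defaultdict(list)

    def _set(self, src, now):
        # --set: record this packet's timestamp for src.
        self.stamps[src].append(now)

    def _hits(self, src, now):
        # --update/--rcheck: count stamps no older than `seconds`.
        return sum(1 for t in self.stamps[src] if now - t <= self.seconds)

    def new_syn(self, src, now):
        """Verdict ('ACCEPT' or 'DROP') for a new SSH SYN from src at time now."""
        if self.set_first:
            self._set(src, now)
        if self._hits(src, now) >= self.hitcount:
            # A matching --update refreshes the entry, so every retry made
            # inside the window pushes the block further out in time.
            self.stamps[src].append(now)
            return "DROP"
        if not self.set_first:
            self._set(src, now)
        return "ACCEPT"


def simulate(attempts, **kwargs):
    """Replay (time_seconds, src_ip) attempts in order; return the verdicts."""
    limiter = RecentSshLimiter(**kwargs)
    return [limiter.new_syn(src, t) for t, src in attempts]


if __name__ == "__main__":
    # Constructed sample: one host retries quickly, another connects once,
    # and the first host comes back after waiting longer than 180 s.
    attempts = [
        (0, "203.0.113.5"),
        (10, "203.0.113.5"),     # second try inside 180 s: dropped
        (100, "203.0.113.5"),    # still inside the window: dropped
        (100, "198.51.100.7"),   # unrelated host, first try: accepted
        (300, "203.0.113.5"),    # 200 s after the last retry: accepted
    ]
    for (t, src), verdict in zip(attempts, simulate(attempts)):
        print(f"t={t:4d}s {src:14s} {verdict}")
    # A host that retries every 120 s never gets back in, because each
    # dropped SYN refreshes its entry.
    print(simulate([(0, "c"), (120, "c"), (240, "c"), (360, "c")]))
```

The `set_first` switch is the caveat worth knowing: with `--set` listed before `--update`, `--hitcount 2` really does mean one try per 180 seconds as Rick says, whereas the other common ordering (`--update` first, then `--set`) lets the same `--hitcount 2` through twice. Raising `--hitcount` to 3 or `--seconds` to 300 behaves exactly as the post describes, and the refresh-on-match detail explains why a client that keeps hammering at any interval shorter than the window stays locked out.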



