Which brings me back to my original idea, of only allowing your IPs to
connect to SSH on your servers, and just drop everything else, problem
solved.

On 10/4/05, Kyle Lutze <kyle@×××××××××××.com> wrote:
>
> Dave Strydom wrote:
>
> You know what would be seriously awesome, is if they have a type of RBL
> listing for this kind of thing, and you could just link your iptables up to
> the rbl listings.
>
> (for those of you who don't know how rbl's work)
>
> Example, I see this in my auth.log:
> -------------------------------------------
> Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
> Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
> Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
> Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
> -------------------------------------------
>
> I could then submit the IP address to a RBL listing site, and then all
> people who plug in to the rbl listing could update their firewalls with the
> latest listing.
>
> Just an idea, I don't know how hard it would be to do?
>
> Dave
>
> That will never happen. The reason being stated plenty of times over, but
> I'll state them again:
>
> * Many of those addresses are from dynamic IPs
>
> * Some may be using fake IPs that you log in from, it would suck to have
> you banned from your own server
>
> * If anybody can submit to an RBL you would have the whole world added to
> that RBL in no time because somebody will get the bright idea to do so.
>
> In short, bad idea.
>
> Kyle
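
The two ideas in this thread combined on a single host, as an added example that is not part of either message: tally "Invalid user" lines per source address, and never propose a block for an address inside the networks the admins log in from, which is the self-ban risk raised in the reply. The log lines are constructed with documentation addresses in the format of the quoted excerpt; ALLOWLIST, THRESHOLD and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the auth.log excerpt quoted above
# (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 203.0.113.7
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 203.0.113.7
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 203.0.113.7
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 203.0.113.7
Sep 28 03:21:02 cerberus sshd[20190]: Invalid user dvae from 198.51.100.20
Sep 28 03:21:05 cerberus sshd[20194]: Invalid user dvae from 198.51.100.20
Sep 28 03:21:09 cerberus sshd[20198]: Invalid user dvae from 198.51.100.20
Sep 28 03:22:10 cerberus sshd[20201]: Invalid user test from 192.0.2.55
"""

# Assumption: networks the admins log in from; these must never be blocked.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]
THRESHOLD = 3  # assumption: failures from one source before it is a candidate

INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user \S+ from (\S+)")

def count_failures(log_text):
    """Tally 'Invalid user' events per source IP, skipping unparsable fields."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # hostname or garbage in the address field
    return counts

def block_candidates(log_text, allowlist=ALLOWLIST, threshold=THRESHOLD):
    """Sources at or over the threshold that are outside every allowlisted net."""
    return sorted(
        str(ip) for ip, n in count_failures(log_text).items()
        if n >= threshold and not any(ip in net for net in allowlist)
    )

if __name__ == "__main__":
    for ip in block_candidates(SAMPLE_LOG):
        print(f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
```

The admin who mistyped a username three times from 198.51.100.20 is counted but not proposed for blocking, while the single failure from 192.0.2.55 stays under the threshold.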