Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Jerry Eastmanhouser <fuct.it@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Mon, 3 Oct 2005 04:29:05 -0400
I've been getting hit with similar brute force attacks...usually from Korea or China......anyway<br>like the several options listed above I think the less fancy you secure your box the better....<br>really if you want to be able to log in from any number of remote clients like me the best thing
<br>to do is simply change your sshd port.&nbsp; I did that and it solved the problem rather quickly with<br>little disruption to myself....I don't want to have a key with me...to log in with when I travel.<br>An option that I considered that nobody mentioned yet is leaving port 22 closed completely
<br>and then use port knocking to open up the port for 20 seconds or so on your IP (however long<br>you need to log onto the system).&nbsp; The port opens long enough for you to establish a connection<br>and then closes automatically to any new connections, but still allows established traffic through.
<br>Clever idea and pretty simple to impliment...just google for it...I think there is a gentoo wiki howto<br>on it as well.<br><br>Adios.<br><br><div><span class="gmail_quote">On 10/3/05, <b class="gmail_sendername">Christophe Garault
</b> &lt;<a href="mailto:christophe@...">christophe@...</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Jeremy Brake a écrit :<br><br>&gt;Hey all,<br>&gt;<br>&gt;I'm looking for an app/script which can monitor for failed ssh logins,<br>&gt;and block using IPTables for $time after $number of failed logins (an<br>&gt;exclusion list would be handy as well) so that I can put a quick stop to
<br>&gt;these niggly brute-force ssh &quot;attacks&quot; I seem to be getting more and<br>&gt;more often.<br>&gt;<br>&gt;Anyone have any ideas?<br>&gt;<br>&gt;<br>Yep: emerge fail2ban (<a href="http://sourceforge.net/projects/fail2ban">
http://sourceforge.net/projects/fail2ban</a>).<br>It's an excellent script written in python that can monitor all<br>unsuccessfull logins (ssh, apache)<br>There's a fail2ban.conf file where you can define many options to<br>
protect you from a Dos.<br><br>&gt;Thanks, Jeremy B<br>&gt;<br>&gt;<br>Have a nice day.<br><br>--<br>Christophe Garault<br>--<br><a href="mailto:gentoo-security@g.o">gentoo-security@g.o</a> mailing list<br><br>
</blockquote></div><br>
References:
[OT?] automatically firewalling off IPs
-- Jeremy Brake
Re: [OT?] automatically firewalling off IPs
-- Christophe Garault
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [OT?] automatically firewalling off IPs
Next by thread:
Re: [OT?] automatically firewalling off IPs
Previous by date:
Re: [OT?] automatically firewalling off IPs
Next by date:
Re: [OT?] automatically firewalling off IPs


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.