List Archive: gentoo-security
I've been getting hit with similar brute force attacks...usually from Korea or China......anyway
like the several options listed above I think the less fancy you secure your box the better....
really if you want to be able to log in from any number of remote clients like me the best thing
to do is simply change your sshd port. I did that and it solved the problem rather quickly with
little disruption to myself....I don't want to have a key with me...to log in with when I travel.
An option that I considered that nobody mentioned yet is leaving port 22 closed completely
and then use port knocking to open up the port for 20 seconds or so on your IP (however long
you need to log onto the system). The port opens long enough for you to establish a connection
and then closes automatically to any new connections, but still allows established traffic through.
Clever idea and pretty simple to implement...just google for it...I think there is a gentoo wiki howto
on it as well.

Adios.

On 10/3/05, Christophe Garault <christophe@...> wrote:
> Jeremy Brake wrote:
>
> >Hey all,
> >
> >I'm looking for an app/script which can monitor for failed ssh logins,
> >and block using IPTables for $time after $number of failed logins (an
> >exclusion list would be handy as well) so that I can put a quick stop to
> >these niggly brute-force ssh "attacks" I seem to be getting more and
> >more often.
> >
> >Anyone have any ideas?
> >
> >
> Yep: emerge fail2ban (http://sourceforge.net/projects/fail2ban).
> It's an excellent script written in python that can monitor all
> unsuccessful logins (ssh, apache)
> There's a fail2ban.conf file where you can define many options to
> protect you from a DoS.
>
> >Thanks, Jeremy B
> >
> >
> Have a nice day.
>
> --
> Christophe Garault
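
The monitoring asked for in the quoted question (count failed ssh logins per source, block for $time after $number failures, honour an exclusion list), as an added example that is not part of the thread and is not fail2ban's own code. It assumes OpenSSH-style "Failed password" syslog lines; `find_bans`, its parameter names, the sample addresses and the year are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style (not taken from the thread).
SAMPLE_LOG = """\
Oct  3 04:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct  3 04:12:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Oct  3 04:12:05 host sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Oct  3 04:12:06 host sshd[2104]: Failed password for jeremy from 192.0.2.10 port 51000 ssh2
Oct  3 04:12:07 host sshd[2104]: Failed password for jeremy from 192.0.2.10 port 51001 ssh2
Oct  3 04:12:08 host sshd[2104]: Failed password for jeremy from 192.0.2.10 port 51002 ssh2
Oct  3 04:30:00 host sshd[2200]: Failed password for root from 198.51.100.9 port 60000 ssh2
Oct  3 04:50:00 host sshd[2201]: Failed password for root from 198.51.100.9 port 60001 ssh2
Oct  3 05:10:00 host sshd[2202]: Failed password for root from 198.51.100.9 port 60002 ssh2
"""
# Greedy ".*" plus "$" binds to the last address on the line, the one sshd itself wrote.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def find_bans(lines, max_retry=3, find_time=timedelta(minutes=10),
              ban_time=timedelta(minutes=10), ignore=("192.0.2.0/24",), year=2005):
    """Return (ip, start, end) for each source with max_retry failures inside find_time."""
    allow = [ipaddress.ip_network(n) for n in ignore]    # exclusion list
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))        # drop anything that is not an address
        except ValueError:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if any(ip in net for net in allow) or banned_until.get(ip, ts) > ts:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > find_time:                     # forget failures outside the window
            q.popleft()
        if len(q) >= max_retry:
            banned_until[ip] = ts + ban_time
            bans.append((str(ip), ts, ts + ban_time))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG.splitlines()):
        print(f"ban {ip} {start} -> {end}: iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
```

On the sample, only 203.0.113.7 is banned: 192.0.2.10 falls inside the exclusion list, and 198.51.100.9 never reaches three failures within the ten-minute window.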