From: Georgi Alexandrov <tehlists@hotpop.com>
To: netfilter@lists.netfilter.org
Subject: Re: matchlimit
Date: Wed, 20 Apr 2005 14:46:40 +0300
Message-ID: <42664120.4090700@hotpop.com>
In-Reply-To: <4266383E.5000002@eccotours.dyndns.org>

Brent Clark wrote:
> Hi all
>
> What would be the recommended rule for matchlimit FROM a specific
> IP address?
>
> Last night I found that I was a victim of a dictionary brute force
> attack.
>
> From what I gather I can see that no access was granted.
>
> If anyone has any tip, advice, etc it would be most appreciated.
>
> Kind Regards
> Brent Clark
>
> ====================================================================
> Copy and paste below from logwatch
> ====================================================================
>
> --------------------- SSHD Begin ------------------------
> Failed logins from these:
> Ionutz/password from 80.84.248.224: 1 Time(s)
> Melk/password from 80.84.248.224: 1 Time(s)
> aaron/password from 80.84.248.224: 1 Time(s)
>
*snip*
> Illegal user portmap from 80.84.248.224
> Illegal user x from 80.84.248.224
> Illegal user jas from 80.84.248.224
> ---------------------- SSHD End -------------------------
> ###################### LogWatch End #########################
>
>
This will be kind of pointless too (banning IP addresses after they have
attacked you) ... like having an umbrella but after the rain has stopped.

The better solution (my opinion) will be to secure your sshd to the
highest level possible.

tips:
keep it up to date,
use strong passwords (long, containing numbers, special characters, upper
and lower case),
change the default port sshd listens to,
allow only ssh version 2,
disable password authentication at all and use pub/priv keys if possible,
allow only specific users and/or groups if possible,
disable root logins,
and finally, if possible (I don't like this option but someone may find
it useful) - allow connections to the sshd port only from trusted/known
IP addresses.

Everything written above is just my point of view and concerns OpenSSH.

regards,
Georgi Alexandrov
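
The sshd_config tips in the reply above can be checked mechanically. The following is an added example, not part of the original message or of OpenSSH: a small auditor for the global section of an sshd_config. The function names, finding labels and both sample configs are constructed for illustration.

```python
# Added example: audit an sshd_config against the tips in the message above.
# Assumption: an unset directive counts as a finding, because OpenSSH
# defaults differ between releases (later releases dropped protocol 1).

def parse_global(text):
    """Collect global settings as {lowercased keyword: [argument lists]}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        if keyword.lower() == "match":
            break  # lines below a Match apply only to matching connections
        settings.setdefault(keyword.lower(), []).append(args)
    return settings

def first(settings, keyword):
    """sshd keeps the first value it reads for most keywords; return it."""
    values = settings.get(keyword)
    return values[0][0].lower() if values and values[0] else None

def audit(text):
    """Return the tips (hypothetical labels) that the config does not meet."""
    s = parse_global(text)
    findings = []
    ports = [a for args in s.get("port", []) for a in args]  # Port may repeat
    if not ports or "22" in ports:
        findings.append("default-port")
    if first(s, "protocol") != "2":
        findings.append("protocol-2-only")
    if first(s, "passwordauthentication") != "no":
        findings.append("password-auth-disabled")
    if first(s, "permitrootlogin") != "no":
        findings.append("root-login-disabled")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("user-or-group-allowlist")
    return findings

# Constructed sample configs, not taken from the thread.
WEAK = "Port 22\nProtocol 2,1\nPermitRootLogin yes\nPermitRootLogin no\n"
HARDENED = ("Port 2222\nProtocol 2\nPasswordAuthentication no\n"
            "PermitRootLogin no\nAllowUsers alice\n"
            "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The weak sample shows why order matters: the later `PermitRootLogin no` does not override the earlier `yes`. Settings inside `Match` blocks are not evaluated here and need a separate review.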