
Re: [Fwd: security]



This requires the ipt_recent iptables module, among others, and it is
in 2.4.22+ and 2.6 kernels.  Both in testing.  And requires upgrading
libc6, so use at your own risk.

Jeffrey

Quoting Jeffrey L. Taylor <jeff@austinblues.dyndns.org>:
> A possible improvement:
> 
> http://www.soloport.com/iptables.html
> 
> Quoting Steve Suehring <dsec@braingia.org>:
> > 
> > Could it be this?
> > 
> > http://lists.sans.org/pipermail/intrusions/2004-August/008357.html
> > 
> > You didn't specify which usernames were being used, so it's tough to 
> > tell if that's the same.
> > 
> > A couple of simple and quick things that I might do if this was a
> > concern:
> > 
> > -Set up an iptables firewall on the boxen running SSH and only allow
> > certain hosts to get to port 22.  Alternately, you might consider
> > denying access through tcpwrappers, though I much prefer the iptables
> > method.
> > 
> > -Make sure that PermitRootLogin is set to no in your
> > /etc/ssh/sshd_config.  Some might argue the necessity or effectiveness
> > of this measure but it is another step you can take to help defend the
> > computer.
> > 
> > I'm sure others have appropriate suggestions as well.
> > 
> > Steve
> > 
> > 
> > On Sat, Jan 29, 2005 at 03:05:35PM +0000, michael wrote:
> > > On debian-user it was suggested I also post this here, thanks, Michael
> > > From: michael <linux@networkingnewsletter.org.uk>
> > > To: debian user <debian-user@lists.debian.org>
> > > Subject: security
> > > Date: Fri, 28 Jan 2005 09:46:31 +0000
> > > I notice that frequently many machines around here get attacked by a
> > > potential hacker (a prog I guess) trying lots of usernames to get in to
> > > all the machines, using the same set of usernames at the same time. Have
> > > people seen this on their machines? I'm guessing it's a virus/worm on a
> > > Windows box doing this but does anybody know more? 
> > > 
> > > I've followed & done most of the suggestions listed in chpts 4 & 5 of
> > > "Securing Debian" HowTo/Manual although I will admit to not following
> > > and therefore not having got around to firewalling. Other suggestions
> > > most welcome.
> > > 
> > > Thanks
> > 
> > 
> 
> 
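
Added example, not part of any message in this thread: a shell function that emits an `iptables-restore` ruleset for the two firewall approaches mentioned above, restricting port 22 to certain hosts and throttling repeated connections with the `recent` match. The function name `gen_ssh_rules`, the chain `SSH_IN`, the list name `SSH`, the 4-in-60-seconds threshold and the sample addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (assumed names and thresholds, not taken from the thread).
#
# gen_ssh_rules MODE [HOST_OR_CIDR ...]
#   MODE=allowlist : only the listed sources may open new connections to port 22
#   MODE=throttle  : listed sources are always accepted; any other source is
#                    dropped while 4 or more of its new connections were seen
#                    in the last 60 seconds
gen_ssh_rules() {
    mode=$1
    shift
    case "$mode" in
        allowlist|throttle) ;;
        *) echo "gen_ssh_rules: unknown mode '$mode'" >&2; return 2 ;;
    esac
    if [ "$mode" = allowlist ] && [ "$#" -eq 0 ]; then
        # Refuse to emit a ruleset that would lock every source out of SSH.
        echo "gen_ssh_rules: allowlist mode needs at least one source" >&2
        return 2
    fi

    echo "*filter"
    echo ":SSH_IN - [0:0]"
    # Only new connections are inspected; established sessions are untouched.
    echo "-A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_IN"
    for src in "$@"; do
        echo "-A SSH_IN -s $src -j ACCEPT"
    done
    if [ "$mode" = throttle ]; then
        # --update matches a source already seen 4+ times in the last 60 s and
        # refreshes its timestamp on a match, so a scanner that keeps trying
        # stays blocked until it has been quiet for a while.
        echo "-A SSH_IN -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP"
        # Otherwise record this connection attempt and let it through.
        echo "-A SSH_IN -m recent --name SSH --set -j ACCEPT"
    else
        echo "-A SSH_IN -j DROP"
    fi
    echo "COMMIT"
}

# Constructed sample: print a throttle ruleset for one trusted host and one subnet.
gen_ssh_rules throttle 192.0.2.10 198.51.100.0/24
```

The output can be checked with `iptables-restore --test` and loaded with `iptables-restore --noflush` so existing rules are kept. The `PermitRootLogin no` setting in `/etc/ssh/sshd_config` is independent of these rules and applies on top of them.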


