Re: [Fwd: security]
A possible improvement:
http://www.soloport.com/iptables.html
Quoting Steve Suehring <dsec@braingia.org>:
>
> Could it be this?
>
> http://lists.sans.org/pipermail/intrusions/2004-August/008357.html
>
> You didn't specify which usernames were being used, so it's tough to
> tell if that's the same.
>
> A couple of simple and quick things that I might do if this was a
> concern:
>
> -Setup an iptables firewall on the boxen running SSH and only allow
> certain hosts to get to port 22. Alternately, you might consider
> denying access through tcpwrappers, though I much prefer the iptables
> method.
>
> -Make sure that PermitRootLogin is set to no in your
> /etc/ssh/sshd_config. Some might argue the necessity or effectiveness
> of this measure but it is another step you can take to help defend the
> computer.
>
> I'm sure others have appropriate suggestions as well.
>
> Steve
>
>
> On Sat, Jan 29, 2005 at 03:05:35PM +0000, michael wrote:
> > On debian-user it was suggested I also post this here, thanks, Michael
> > From: michael <linux@networkingnewsletter.org.uk>
> > To: debian user <debian-user@lists.debian.org>
> > Subject: security
> > Date: Fri, 28 Jan 2005 09:46:31 +0000
> > I notice that frequently many machines around here get attacked by a
> > potential hacker (a prog I guess) trying lots of usernames to get in to
> > all the machines, using the same set of usernames at the same time. Have
> > people seen this on their machines? I'm guessing it's a virus/worm on a
> > Windows box doing this but does anybody know more?
> >
> > I've followed & done most of the suggestions listed in chpts 4 & 5 of
> > "Securing Debian" HowTo/Manual although I will admit to not following
> > and therefore not having got around to firewalling. Other suggestions
> > most welcome.
> >
> > Thanks
>
>
Reply to: