Re: [Fwd: security]
A possible improvement:
Quoting Steve Suehring <firstname.lastname@example.org>:
> Could it be this?
> You didn't specify which usernames were being used, so it's tough to
> tell if that's the same.
> A couple of simple and quick things that I might do if this was a
> -Setup an iptables firewall on the boxen running SSH and only allow
> certain hosts to get to port 22. Alternately, you might consider
> denying access through tcpwrappers, though I much prefer the iptables
> -Make sure that PermitRootLogin is set to no in your
> /etc/ssh/sshd_config. Some might argue the necessity or effectiveness
> of this measure but it is another step you can take to help defend the
> I'm sure others have appropriate suggestions as well.
> On Sat, Jan 29, 2005 at 03:05:35PM +0000, michael wrote:
> > On debian-user it was suggested I also post this here, thanks, Michael
> > From: michael <email@example.com>
> > To: debian user <firstname.lastname@example.org>
> > Subject: security
> > Date: Fri, 28 Jan 2005 09:46:31 +0000
> > I notice that frequently many machines around here get attacked by a
> > potential hacker (a prog I guess) trying lots of usernames to get in to
> > all the machines, using the same set of usernames at the same time. Have
> > people seen this on their machines? I'm guessing it's a virus/worm on a
> > Windows box doing this but does anybody know more?
> > I've followed & done most of the suggestions listed in chpts 4 & 5 of
> > "Securing Debian" HowTo/Manual although I will admit to not following
> > and therefore not having got around to firewalling. Other suggestions
> > most welcome.
> > Thanks