
Re: stopping ssh attacks



On Thu, 16 Jun 2005, Thomas Stivers wrote:

> I have been getting a huge number of attempts to log into my box via ssh
> which fail with invalid username entries in the logs. Is there already a
> package which will let me look through the logs and dynamically add
> iptables rules to drop anything from these scanning addresses after
> something like 3 attempts? I know I can set up hosts.allow and
> hosts.deny to only allow ssh in from particular IPs, but I'd rather not
> do that. Any suggestions would be appreciated.

"stopping the attacks" ...
	- you can't really stop them

	- all you can do is not reply to those incoming requests

	- moving to another port might help, but that also prevents your
	  own apps from working if you use ssh to transfer data
	  to and from that server, unless all your servers are changed
	  to use "/dev/randomNumber" for ssh

another simple way ..
	#
	# hosts.deny file should exist by default in any case
	#
	vi /etc/hosts.deny
		ALL:ALL

		- if you wanna play games, twist the incoming port attempt
		back onto themselves ( the attacker )

	vi /etc/hosts.allow
		sshd:  192.168.1.1

all ssh connections from other ip# will be dropped and it doesn't ask
for passwd ( something i want, don't give them that chance )

c ya
alvin
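
The log-watching approach asked about in the quoted question, as an added example that is not part of the original thread: it counts "Invalid user" lines per source address and prints an iptables DROP rule once an address reaches 3 attempts. The sample log lines are constructed, the function names are hypothetical, the "Invalid user NAME from ADDR" message format is an assumption about the local sshd, and the allow list reuses the 192.168.1.1 entry from hosts.allow above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog style (not from the thread).
SAMPLE_LOG = """\
Jun 16 03:12:01 box sshd[2211]: Invalid user admin from 203.0.113.5
Jun 16 03:12:04 box sshd[2213]: Invalid user test from 203.0.113.5
Jun 16 03:12:09 box sshd[2215]: Invalid user guest from 203.0.113.5 port 40122
Jun 16 03:13:30 box sshd[2220]: Invalid user oracle from 198.51.100.7
Jun 16 03:14:02 box sshd[2231]: Invalid user x from 192.168.1.1 from 198.51.100.7
Jun 16 03:15:10 box sshd[2240]: Invalid user bob from 192.168.1.1
Jun 16 03:15:12 box sshd[2241]: Invalid user bob from 192.168.1.1
Jun 16 03:15:15 box sshd[2242]: Invalid user bob from 192.168.1.1
Jun 16 03:16:00 box sshd[2250]: Accepted password for alice from 192.168.1.1 port 5022 ssh2
"""

# Assumed message format: "Invalid user NAME from ADDR[ port N]".
# NAME is chosen by the remote side, so only the last "from ADDR" is trusted.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$")


def failed_sources(log_text):
    """Count invalid-user attempts per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = INVALID_USER.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ValueError:
            continue  # not a literal IPv4 address, never pass it to a rule
        counts[str(addr)] += 1
    return counts


def block_rules(log_text, threshold=3, allow=("192.168.1.1",)):
    """Return iptables commands for sources at or over the threshold."""
    counts = failed_sources(log_text)
    return [
        f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
        for ip, hits in sorted(counts.items())
        if hits >= threshold and ip not in allow
    ]


if __name__ == "__main__":
    for rule in block_rules(SAMPLE_LOG):
        print(rule)
```

The fifth sample line carries a username that itself contains "from 192.168.1.1"; anchoring the match at the end of the line attributes it to 198.51.100.7, so a crafted username cannot get another address blocked.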



