
Re: Find out host of IP



On Sun, 10 Jun 2007 20:20:05 -0400
Kamaraju S Kusumanchi <kamaraju@bluebottle.com> wrote:

> David Baron wrote:
> 
> > Someone is trying to ssh on to my system. Trying on several
> > ports. Not the first time, either. Thankfully, he does not have
> > a password. Besides a bunch of Deprecated option
> > ReverseMappingCheck, so far no harm done.
> > 
> > Since my logs have this IP number, how do I find out who it is?
> 
> Not exactly answering your question. But I do see a lot of IPs
> performing dictionary attacks on my machine. What I do is go
> through /var/log/auth.log periodically and add the offending IPs
> to /etc/hosts.deny . That way, in future, the offending IPs cannot
> perform any dictionary attacks. I currently have around 85 IPs in
> this list (starting Apr 10, 2007) :-)
> 
> You should also disable remote root logins to make the machine
> more secure.
> 
> hth
> raju
> -- 

If you use Shorewall to help create a firewall, just add:

      -       -       1/min:2

after the entries that open ports for ssh.

It limits anyone to 2 tries during any 1 minute interval, then drops
them.

Sorry.  I don't know how to handle that using plain IPTables.

-- 
Raquel
============================================================
The legitimate powers of government extend to such acts only as are
injurious to others. But it does me no injury for my neighbor to say
there are twenty gods or no God. It neither picks my pocket nor
breaks my leg.
  --Thomas Jefferson
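
The manual routine described in the quoted reply (read /var/log/auth.log, add offending IPs to /etc/hosts.deny) can be scripted. The following is an added example, not code from anyone in this thread. It assumes OpenSSH's usual "Failed password for ... from IP port N ssh2" log line and IPv4 sources; the function names, the threshold of 3 and the sample data are made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# sshd failure lines look like (user part may be "invalid user NAME"):
#   ... sshd[4101]: Failed password for root from 203.0.113.5 port 40022 ssh2
# The greedy ".*" plus the "$" anchor tie the match to the final
# "from IP port N ssh2", which sshd writes itself, so text that arrived in
# the username field is never taken as the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2\s*$"
)

def failed_logins(log_lines):
    """Count failed sshd password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ValueError:
            pass  # not a literal IPv4 address; skip the line
    return counts

def deny_entries(log_lines, existing_deny="", threshold=3):
    """Return new 'sshd: IP' lines for IPs at or above the threshold."""
    already = set(re.findall(r"^sshd:\s*(\S+)", existing_deny, re.M))
    return [f"sshd: {ip}" for ip, n in sorted(failed_logins(log_lines).items())
            if n >= threshold and ip not in already]

# Constructed sample data (documentation address ranges), not real logs.
# The fourth line carries a "from ... port ..." string inside the username.
SAMPLE_LOG = """\
Jun 10 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40022 ssh2
Jun 10 03:12:04 host sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 40031 ssh2
Jun 10 03:12:07 host sshd[4105]: Failed password for invalid user test from 203.0.113.5 port 40040 ssh2
Jun 10 03:15:22 host sshd[4120]: Failed password for invalid user x from 192.0.2.77 port 22 ssh2 from 198.51.100.9 port 51515 ssh2
Jun 10 08:01:10 host sshd[4200]: Failed password for david from 192.0.2.10 port 50100 ssh2
Jun 10 08:01:15 host sshd[4200]: Accepted password for david from 192.0.2.10 port 50100 ssh2
""".splitlines()
SAMPLE_DENY = "sshd: 198.51.100.200\n"

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG, SAMPLE_DENY):
        print(entry)  # review, then append to /etc/hosts.deny
```

The threshold keeps a single mistyped password (the 192.0.2.10 line in the sample) from producing a deny entry; review the output before appending it to /etc/hosts.deny.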

