Security newbie?

To: debian-user@lists.debian.org
Subject: Security newbie?
From: Art Edwards <edwardsa@afrl.kirtland.af.mil>
Date: Wed, 18 Jul 2007 11:09:21 -0600
Message-id: <[🔎] 200707181704.l6IH4slN018426@bell.kirtland.af.mil>
Reply-to: aedward@sandia.gov

I've been running debian @ home and @ work, for years, had no indicationof attacks. Over the last few days, my iptables firewall seemed simplyto stop. I checked my auth log file to find many, many attempts to breakin. My firewall was very simple. I have since added rules to droppackets from offending IP addresses. So, I have a couple of very basicquestions:

1. Are there repositories of offending IP addresses to block? Can/shouldone contribute to these?

2. The attacks never use the same user name more than once. Is there away to block access, even temporarily, from an IP address after a setnumber of attempts, even if the attempts use different user names?


3. Are there other obvious things I should be doing?

Art Edwards

--
Arthur H. Edwards
Senior Research Physicist
Air Force Research Laboratory
AFRL/VSSE
Bldg. 914
3550 Aberdeen Ave. SE
KAFB, NM 87117-5776

(505) 853-6042 (O)
(505) 463-6722 (C)
(505) 846-2290 (F)

Reply to:

Follow-Ups:
- Re: Security newbie?
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: Security newbie?
  - From: "Martin Marcher" <martin.marcher@gmail.com>
- Re: Security newbie?
  - From: Simon Brandmair <sbrandmair@gmx.net>

Prev by Date: Re: FW: Sending Email from script
Next by Date: Re: More fun (not!) with JRE
Previous by thread: Re: More fun (not!) with JRE
Next by thread: Re: Security newbie?
Index(es):
- Date
- Thread