Re: Security newbie?

On Wed, Jul 18, 2007 at 11:09:21AM -0600, Art Edwards wrote:
> I've been running debian @ home and @ work, for years, had no indication of 
> attacks. Over the last few days, my iptables firewall seemed simply to 
> stop. I checked my auth log file to find many, many attempts to break in. 
> My firewall was very simple. I have since added rules to drop packets from 
> offending IP addresses. So, I have a couple of very basic questions:
> 1. Are there repositories of offending IP addresses to block? Can/should 
> one contribute to these?
> 2. The attacks never use the same user name more than once. Is there a way 
> to block access, even temporarily, from an IP address after a set number of 
> attempts, even if the attempts use different user names?

fail2ban automatically bans IPs after a specified number of
failures. The ban only lasts 30 minutes or so, but that should be enough
to deter most... and still let you in if you make a mistake.

> 3. Are there other obvious things I should be doing?

Make sure you aren't running any services you don't need and keep your
firewall up-to-date. And make sure your services have sensible configs
in place, too... I'm guessing you're looking at ssh attempts -- switch
to pubkey authentication if you can and turn off password/challenge-response.
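The counting logic the reply describes (ban a source address after N failures inside a window, lift the ban after a fixed time, regardless of which user name each attempt used), written out as an added example; this is not fail2ban's own code and not part of the original thread. The auth.log lines are constructed for the example, the year 2007 is assumed because syslog timestamps carry none, and the thresholds (5 failures in 10 minutes, 30-minute ban) are chosen here, with the 30 minutes matching the reply's figure.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines (not taken from the original thread).
# Every failure from 203.0.113.7 uses a different user name, which is the
# pattern the original poster describes; 192.0.2.44 is a legitimate user
# who mistypes a password once and then logs in with a public key.
SAMPLE_AUTH_LOG = """\
Jul 18 10:01:02 host sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Jul 18 10:01:05 host sshd[2303]: Failed password for invalid user test from 203.0.113.7 port 4031 ssh2
Jul 18 10:01:09 host sshd[2305]: Failed password for root from 203.0.113.7 port 4040 ssh2
Jul 18 10:01:12 host sshd[2307]: Failed password for invalid user oracle from 203.0.113.7 port 4049 ssh2
Jul 18 10:01:15 host sshd[2309]: Failed password for invalid user guest from 203.0.113.7 port 4058 ssh2
Jul 18 10:02:30 host sshd[2320]: Failed password for art from 192.0.2.44 port 51000 ssh2
Jul 18 10:02:41 host sshd[2322]: Accepted publickey for art from 192.0.2.44 port 51001 ssh2
Jul 18 10:40:00 host sshd[2400]: Failed password for invalid user backup from 203.0.113.7 port 4100 ssh2
"""

# OpenSSH "Failed password for ..." line. The "invalid user" prefix appears
# when the account does not exist; user name and source address are captured.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(text, year=2007):
    """Yield (timestamp, user, ip) for each failed-login line.

    Syslog timestamps carry no year, so one is supplied; 2007 is assumed
    here to match the date of the thread.
    """
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins, disconnects etc. are not failures
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def evaluate_log(text, maxretry=5, findtime=timedelta(minutes=10),
                 bantime=timedelta(minutes=30)):
    """Replay the log and decide which source addresses to ban.

    Failures are counted per source IP only, so rotating the user name on
    every attempt does not reset the count. An IP reaching `maxretry`
    failures within `findtime` is banned for `bantime`, and the ban is
    lifted once it expires. Returns (actions, users_tried): actions is a
    time-ordered list of ("ban", ip, at, until) / ("unban", ip, at) tuples,
    users_tried maps each IP to the sorted user names it attempted.
    """
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    banned_until = {}                # ip -> expiry of the active ban
    users_tried = defaultdict(set)   # ip -> distinct user names attempted
    actions = []

    for ts, user, ip in parse_failures(text):
        users_tried[ip].add(user)

        # Lift any ban whose expiry has passed by the time of this event.
        for b_ip, until in list(banned_until.items()):
            if ts >= until:
                actions.append(("unban", b_ip, until))
                del banned_until[b_ip]

        if ip in banned_until:
            continue  # the firewall would already be dropping this source

        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()  # forget failures outside the detection window

        if len(window) >= maxretry:
            until = ts + bantime
            banned_until[ip] = until
            actions.append(("ban", ip, ts, until))
            window.clear()  # start counting afresh once the ban is lifted

    return actions, {ip: sorted(names) for ip, names in users_tried.items()}


if __name__ == "__main__":
    actions, users = evaluate_log(SAMPLE_AUTH_LOG)
    for action in actions:
        print(*action)
    for ip, names in users.items():
        print(f"{ip}: {len(names)} distinct user names tried: {', '.join(names)}")
```

Run against the sample, the scanner is banned at its fifth failure (10:01:15) although it tried five different accounts, the ban lapses at 10:31:15, and the single failure at 10:40:00 starts a fresh count rather than an immediate re-ban. The legitimate user's one mistake never comes near the threshold, which is the point the reply makes about still being able to get in after a typo.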


