
Re: Security newbie?



On 7/18/07, Art Edwards <edwardsa@afrl.kirtland.af.mil> wrote:
> 1. Are there repositories of offending IP addresses to block? Can/should
> one contribute to these?

denyhosts does that for you
also have a look at fail2ban which can drop IPs for a certain amount
of time after a certain amount of certain log messages, which are
certainly configurable and certainly I haven't written a sentence yet
that matches the substring <you know which one> that often.

> 2. The attacks never use the same user name more than once. Is there a
> way to block access, even temporarily, from an IP address after a set
> number of attempts, even if the attempts use different user names?

fail2ban

> 3. Are there other obvious things I should be doing?

if it's ssh - it's just obscurity but I found that 90% of the script
kiddies won't hit you if you move your port elsewhere

hth
martin
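
An added example, not part of the original post and not fail2ban's own code: a minimal sketch of the per-IP counting that question 2 asks for, where failures are keyed on the source address only, so a different user name on every attempt still trips the threshold. The log lines are constructed samples in OpenSSH syslog style, the function name `find_bans` is hypothetical, and the parameters are named after fail2ban's `maxretry`, `findtime` and `bantime` options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul 18 10:00:01 host sshd[101]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Jul 18 10:00:05 host sshd[102]: Failed password for invalid user test from 192.0.2.10 port 4002 ssh2
Jul 18 10:00:09 host sshd[103]: Failed password for invalid user oracle from 192.0.2.10 port 4003 ssh2
Jul 18 10:01:00 host sshd[104]: Failed password for art from 198.51.100.7 port 5001 ssh2
Jul 18 10:01:30 host sshd[105]: Accepted password for art from 198.51.100.7 port 5002 ssh2
Jul 18 10:02:14 host sshd[106]: Failed password for invalid user guest from 192.0.2.10 port 4004 ssh2
Jul 18 10:02:20 host sshd[107]: Failed password for root from 192.0.2.10 port 4005 ssh2
Jul 18 10:02:25 host sshd[108]: Failed password for invalid user ftp from 192.0.2.10 port 4006 ssh2
"""

FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_bans(log_text, maxretry=5, findtime=600, bantime=3600, year=2007):
    """Return [(ip, banned_at, usernames_tried)], counting failures per source IP only."""
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)   # ip -> (timestamp, username) pairs inside the window
    banned_until = {}               # ip -> time the ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other messages are ignored
        stamp, user, ip = m.groups()
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            continue                # a firewall drop would already be in place
        q = failures[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()             # forget failures older than findtime
        if len(q) >= maxretry:
            bans.append((ip, ts, [u for _, u in q]))
            banned_until[ip] = ts + timedelta(seconds=bantime)
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, when, users in find_bans(SAMPLE_LOG):
        print(f"ban {ip} at {when:%H:%M:%S} after failures as {', '.join(users)}")
```
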


