Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
brutal force ssh attack
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
tintinthepirate
n00b
n00b


Joined: 10 Nov 2004
Posts: 5

PostPosted: Mon Mar 28, 2005 6:21 am    Post subject: brutal force ssh attack Reply with quote

Since my home gentoo box has been up and running, I got brutal force ssh attack almost everyday, how do I block these attacks? I was thinking about writing a simple script that monitors /var/log/messages file and adds hosts that fail auth certain times to /etc/hosts.deny file. But I heard that would cause at DOS attack from dumb attack programs?
How do you guys deal with these low-life idiots?
Back to top
View user's profile Send private message
moocha
Watchman
Watchman


Joined: 21 Oct 2003
Posts: 5722

PostPosted: Mon Mar 28, 2005 8:39 am    Post subject: Reply with quote

On hosts where I can be sure to log in via SSH only from a few known hosts, I filter the corresponding port in the INPUT iptables chain, allowing access to it only from those hosts.
On hosts where SSH must be accessible from anywhere, I simply ignore the attacks.

In both cases please note though that I do not use passwords to log into SSH. I use public key authentication. And I strongly advise you do the same. Passwords are on their way out as security devices, and rightly so.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
Back to top
View user's profile Send private message
Riftwing
Apprentice
Apprentice


Joined: 06 Oct 2002
Posts: 293

PostPosted: Mon Mar 28, 2005 8:52 am    Post subject: Reply with quote

Also if you just throw ssh on a non-standard port, that should make all the automated attempts vanish.
_________________
Good, bad, I'm the guy with the gun. - Ash, Army of Darkness
Back to top
View user's profile Send private message
amne
Bodhisattva
Bodhisattva


Joined: 17 Nov 2002
Posts: 6378
Location: Graz / EU

PostPosted: Mon Mar 28, 2005 9:54 am    Post subject: Reply with quote

Moved fromNetworking & Security.

Please take a look at i got hacked. what were they up to?.
_________________
Dinosaur week! (Ok, this thread is so last week)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum