[SoCoSA/discuss] blocking brute force attacks

Sean seanvanco at gmail.com
Wed Nov 28 23:44:14 PST 2007


I'm new to this group, and I'm hoping to meet other members at the next meeting.

I'm still feeling my way a bit regarding the finer points of Linux
security (Debian Etch in my case), and I'm hoping that some of you can
point me in a good direction on this.

My public IP servers periodically get attacked via brute force login
attempts (FTP and SSH). I've attempted to solve this in the past using
hosts.deny, but it ended up causing too many unwanted positives, and it
was somewhat difficult to unblock an IP. Would you mind sharing with
me what you've found to be effective? It's obviously hard to
impossible to block non-US IPs from connecting via FTP or SSH, as I
couldn't find anything on this other than what turned into a two-way
flame war.

If any of you have suggestions, or links I can read, I'd appreciate
it. If you think hosts.deny would be a good option, I can always
re-visit it and take another look at the configuration options.

Thank you!


Sean


