[SoCoSA/discuss] blocking brute force attacks

Erik Alfkin mystic at moonpearl.org
Thu Nov 29 07:06:38 PST 2007


Check out this article: http://www.debian-administration.org/articles/187. I haven't tried this myself; I had intended to, but our network guy set up some rules in the outward-facing Cisco firewall instead. We haven't had any problems since (except, of course, for the massive DoS attack the next day...).

> -------- Original Message --------
> Subject: [SoCoSA/discuss] blocking brute force attacks
> From: Sean <seanvanco at gmail.com>
> Date: Wed, November 28, 2007 11:44 pm
> To: discuss at socosa.org
> 
> I'm new to this group, and I'm hoping to meet other members at the next meeting.
> 
> I'm still feeling my way a bit regarding the finer points of Linux
> security (Debian Etch in my case), and I'm hoping that some of you can
> point me in a good direction on this.
> 
> My public IP servers periodically get attacked via brute force login
> attempts (FTP and SSH). I've attempted to solve this in the past using
> hosts.deny, but it ended up causing too many unwanted positives and
> was somewhat difficult to unblock an IP. Would you mind sharing with
> me what you've found to be effective? It's obviously hard to
> impossible to block non-US IPs from connecting via ftp or ssh, as I
> couldn't find anything on this other than what turned into a two-way
> flame war.
> 
> If any of you have suggestions, or links I can read, I'd appreciate
> it. If you think hosts.deny would be a good option, I can always
> re-visit it and take another look at the configuration options.
> 
> Thank you!
> 
> 
> Sean
> 