[SoCoSA/discuss] blocking brute force attacks

Sean seanvanco at gmail.com
Thu Nov 29 14:48:15 PST 2007


Goodness, I did not expect such a massive response. Thank you for the
wealth of suggestions. Many of them parallel what I've been
considering. I think I'm going to like it here.

Kevin Benson has hit the mark closest to my situation regarding my
lack of ability to restrict access, and I apologize to everyone for
not providing more information. I'll do that here, using Kevin's
response:

This is a web server (web, email, ftp, ssh, etc), and is something I
maintain outside of my Network Administration job. The primary server
is located in a Sonic rack.

1) I do have very little control of who accesses my system, as each
individual has an account (no anonymous logins allowed, but using
proftpd in a chrooted environment). I don't allow ssh at the moment,
and don't have to for a while, so that will give me time to implement
chrooted ssh access. I may have some control over password complexity,
but I'll have to look into that more as I haven't come across that as
of yet.

I am running a control panel/scripting software that takes care of
many tasks for me, making my administration needs on these servers
much easier to manage.

2) I have literally no idea where users connect from, and those that I
do, I know they have dynamic IP DSL/cable internet, so I can't set up a
white list (which would have to be painfully large even if I could put
it together).

3) The users, thank goodness, DON'T need unfettered access to my
systems. They will be quite happy in their little chrooted space. I
can nail that down a little more with SSH chrooting as many here have
mentioned. I'll look more into the non-US IPs, but I'm not sure that I
want to restrict access to potential users in other countries.

It looks like denyhosts is my best option without having to do manual
configurations. I'll give it a try again and see if I can work the
settings to be a better fit this time.

I'll look into the IP addresses Frank mentioned, but I'm not sure if
I'll go that route.

Thanks for all your help and I'll keep you informed of my progress. If
anyone has anything else to contribute I'll appreciate hearing it, so
let me know if you need anything else from me.

Thanks everyone!

Sean


