[NBLUG/talk] Multiple IP address / brute force attack
Dean Roman
droman at romansystems.com
Tue Apr 29 19:52:56 PDT 2008
Ken McGlothlen wrote:
> | I'm sad to admit I had a breach on a server at sonic this weekend. [...]
> | The script kiddies were only in for a few seconds, but they did their
> | damage. Things are back up for the most part now and the fortress is a
> | little stronger.
>
I hate to hear that... how did they get in, if you don't mind me
asking... via ssh, telnet, ftp, smtp, other?
A pretty good and very simple brute force ssh defensive program is
denyhosts. Run this on any machine running ssh and it actively adds hosts
to your /etc/hosts.deny file after a host has too many ssh failures.
> Sorry to hear it. These sorts of attacks are getting more and more frequent,
> and without dynamically adaptive firewalls, they're hard to manage.
>
> | What this means to me is that if you have a range of IPs on your server and
> | actually configure them to work, it's a little like hanging out a big net
> | with bells on it.
>
> Pretty much.
>
> | Comments, laughter, ideas?
>
> No laughter from this corner. Keeping up with this sort of thing is difficult.
>
> I guess the main thing is to keep track of what networks spell trouble, and
> keep up with your firewall. Keep up to date with the patches. Improve your
> monitoring tools. And good luck.
>
> ---Ken
--
Dean A. Roman
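
The denyhosts approach described in the message above, as an added Python example that is not part of the original post and is not DenyHosts' own code: count failed ssh logins per source address in the auth log and produce `/etc/hosts.deny` entries once a threshold is reached. The log lines are constructed (documentation IP ranges), and the threshold of 3, the reset on a successful login and the allow list are assumptions of this example.

```python
import re
from collections import Counter

# Constructed OpenSSH auth-log lines. The fifth line carries a crafted user
# name that itself contains "from <ip> port <n> ssh2".
SAMPLE_LOG = """\
Apr 26 03:10:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 26 03:10:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Apr 26 03:11:40 host sshd[820]: Failed password for dean from 198.51.100.20 port 51000 ssh2
Apr 26 03:11:52 host sshd[820]: Accepted password for dean from 198.51.100.20 port 51000 ssh2
Apr 26 03:12:09 host sshd[830]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40114 ssh2
Apr 26 03:12:30 host sshd[831]: Failed password for root from 192.0.2.44 port 2201 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Anchor on the end of the line and let ".*" be greedy, so the address taken
# is the one sshd appended, never text inside the client-supplied user name.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from " + IP + r" port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from " + IP + r" port \d+ ssh2$")


def hosts_to_deny(log_text, threshold=3, allow=frozenset()):
    """Return source addresses, in order of detection, that reached
    `threshold` failed logins. A successful login resets that address's
    count (assumption of this example); `allow` is never denied."""
    failures, denied = Counter(), []
    for line in log_text.splitlines():
        if (m := FAILED.search(line)):
            ip = m.group(1)
            failures[ip] += 1
            if failures[ip] >= threshold and ip not in allow and ip not in denied:
                denied.append(ip)
        elif (m := ACCEPTED.search(line)):
            failures.pop(m.group(1), None)
    return denied


def hosts_deny_lines(ips):
    """Format addresses as TCP wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

Putting your own management addresses in `allow` keeps a few mistyped passwords from locking you out of the machine.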