What can I do about breakin attempts? - Security



Thread: What can I do about breakin attempts?

  1. Re: What can I do about breakin attempts?

    Chris wrote:
    > Some thug has repeatedly attempted to break in to my server. There's a long
    > list of repeat login attempts, with alphabetical user names, from one
    > particular IP address. (The jerk is at 216.155.75.230, if you're curious).
    > What can I do about this?


    fail2ban works for me

    http://fail2ban.sourceforge.net/

    bans IPs that cause multiple authentication errors

    Monitors (in daemon mode) or just scans log files
    (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily
    bans failure-prone addresses by updating existing firewall
    rules. Currently, by default, supports ssh/apache but configuration
    can be easily extended for scanning the other ASCII log
    files. Firewall rules are given in the config file, thus it can be
    adapted to be used with a variety of firewalls (e.g. iptables,
    ipfwadm).

    --
    Nick Craig-Wood -- http://www.craig-wood.com/nick
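
The approach described in the post above (scan an auth log, count failures per address, ban temporarily), as an added Python example that is not fail2ban's code and not part of the original thread. The log lines are constructed, the `year` argument is an assumption because syslog timestamps carry none, and `maxretry`, `findtime` and `bantime` are named after fail2ban's options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Mar  2 10:00:01 host sshd[1001]: Failed password for invalid user aaron from 203.0.113.7 port 40001 ssh2
Mar  2 10:00:03 host sshd[1002]: Failed password for invalid user abby from 203.0.113.7 port 40002 ssh2
Mar  2 10:00:05 host sshd[1003]: Failed password for root from 198.51.100.9 port 51000 ssh2
Mar  2 10:00:06 host sshd[1004]: Failed password for invalid user a from 192.0.2.10 from 203.0.113.7 port 40003 ssh2
Mar  2 10:00:09 host sshd[1005]: Accepted publickey for chris from 192.0.2.10 port 52000 ssh2
Mar  2 10:30:00 host sshd[1006]: Failed password for root from 198.51.100.9 port 51001 ssh2
Mar  2 11:10:00 host sshd[1007]: Failed password for root from 198.51.100.9 port 51002 ssh2
"""

# The user name is remote-supplied text, so the greedy ".*" plus the "$" anchor
# take the address from the end of the line, where sshd itself writes it.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r".* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_bans(lines, maxretry=3, findtime=600, bantime=600, year=2006):
    """Return [(ip, banned_at, banned_until)]; findtime and bantime are in seconds."""
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until = {}
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and now < banned_until[ip]:
            continue                 # still banned: nothing more to count
        window = recent[ip]
        window.append(now)
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()         # forget failures older than findtime
        if len(window) >= maxretry:
            until = now + timedelta(seconds=bantime)
            banned_until[ip] = until
            bans.append((ip, now, until))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, at, until in find_bans(SAMPLE_LOG.splitlines()):
        print(f"ban {ip} from {at} until {until}")
```

With the defaults only 203.0.113.7 is banned; the three failures from 198.51.100.9 are spread over more than an hour and never fall inside one `findtime` window.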

  2. Re: What can I do about breakin attempts?

    On Thu, 02 Mar 2006, in the Usenet newsgroup comp.os.linux.security, in article
    , Grant wrote:
    > (Moe Trin) wrote:


    >> But if your data is that valuable to someone, why is it on the computer?


    >Data that valuable one starts to worry about attackers with guns
    >Physical security of equipment.


    Networks with that level of classification exist. They also have the
    security requirements of 24/7 guards, and those magic 'air gap' routers.

    >Hey forget the guns, a while back a couple people dressed like techs just
    >walked in and wheeled a customs computer out of an airport terminal during
    >business hours


    And this is somehow new? This is _quite_ common, even though security
    officers are aware of it, warn people about it (even posting large signs
    reminding everyone to challenge people they don't know), and it still
    happens often enough. In an earlier life, I worked for a military
    contractor in a facility with "highly classified" information. We'd
    occasionally get security audits where the government would have
    people wandering about without badges, or with obviously fake badges,
    and there would be hell to pay if you walked by them without challenging
    them.

    Old guy

  3. Re: What can I do about breakin attempts?

    Chris wrote:
    > Some thug has repeatedly attempted to break in to my server. There's a long
    > list of repeat login attempts, with alphabetical user names, from one
    > particular IP address. (The jerk is at 216.155.75.230, if you're curious).
    > What can I do about this?


    Send a stern letter to the _Times_? ;->

    Before you can address a problem, you must decide what that problem
    is, and why it's a problem. Do you have _cause_ to worry about
    net.randoms setting their scripts hammering on your sshd? Then,
    maybe whatever administrative and/or user error has made your system so
    extremely vulnerable is your real problem, and you should fix that.

    Those of us who've exposed systems to the Internet for a long time
    see dictionary attacks all the time, day in and day out. That's why we
    enforce use of strong passwords or public-key authentication -- and
    other measures.

    So: What problem are you seeking to solve?

    --
    Cheers,
    Rick Moen "vi is my shepherd; I shall not font."
    rick@linuxmafia.com -- Psalm 0.1 beta
