Neil Cherry wrote:
Rahul Sundaram wrote:
On Sat, 2006-04-01 at 12:56 -0500, Neil Cherry wrote:
Gene Heskett wrote:
On Friday 31 March 2006 19:42, John Summerfield wrote:
A reasonable security system would shut down the login process for a
time after some number of consecutive failed login attempts. It's a
rule that's been around for a long time, it's even in Linux, but
implemented poorly.
And how does one go about turning that option on, with say a 15
minute timeout?
That's the "implemented poorly" bit. The only place I know it's
implemented is at the local virtual console where the delay's quite
short, not configurable that I know of, and if you time out one, there
are (by default, five) others to try, and by then the original getty's
accepting logins again. Worse, you can reset the counter by typing ^D as
a login name.
Check out pam_abl on http://www.hexten.net/pam_abl/ (SourceForge
project).
If you want to go this route, both denyhosts and pam_abl are available
for Fedora Extras.
I've also used a Perl script to add these IP addresses to an iptables
list, but even with summarization I had thousands of denies. So I
only allow a select few sites to get to my ssh and the attacks have
completely stopped. Though I will say I'm not doing this commercially.
On some machines I administer remotely you need to have an account with
my IAP to get past hosts.{allow,deny} with ssh, and the only other entry
is via VPN: to breach that you need to know which house to burgle.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
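The thread talks about three pieces of the same mechanism: a failure counter with a threshold and a timeout (the 15-minute figure asked about above), a per-IP lockout driven from the ssh logs rather than from the getty (so a dropped connection neither adds to nor clears the counter), and summarizing the resulting deny list so it does not grow to thousands of single-host rules. The block below is an added example that shows all three in one place; it is not the Perl script mentioned in the thread and not code from pam_abl or DenyHosts. Everything in it is an assumption chosen for illustration: the log lines are constructed sshd syslog lines with the year assumed to be 2006 (syslog omits it), the threshold is 3 failures in a 15-minute window with a 15-minute lockout, blocked hosts are collapsed to a /24 when 3 or more of them share it, and the iptables chain name SSH_BLOCK is invented here.

```python
import re
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format, year omitted); not taken from the thread.
SAMPLE_LOG = """\
Apr  1 12:00:00 gw sshd[2001]: Failed password for root from 198.51.100.7 port 40010 ssh2
Apr  1 12:10:00 gw sshd[2002]: Failed password for root from 198.51.100.7 port 40011 ssh2
Apr  1 12:16:00 gw sshd[2003]: Failed password for root from 198.51.100.7 port 40012 ssh2
Apr  1 12:50:01 gw sshd[2010]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Apr  1 12:50:07 gw sshd[2011]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Apr  1 12:50:12 gw sshd[2012]: Failed password for root from 192.0.2.10 port 40003 ssh2
Apr  1 12:50:20 gw sshd[2013]: Failed password for root from 192.0.2.10 port 40004 ssh2
Apr  1 13:00:00 gw sshd[2020]: Failed password for root from 203.0.113.1 port 40101 ssh2
Apr  1 13:00:02 gw sshd[2021]: Failed password for root from 203.0.113.2 port 40102 ssh2
Apr  1 13:00:04 gw sshd[2022]: Failed password for root from 203.0.113.3 port 40103 ssh2
Apr  1 13:00:10 gw sshd[2023]: Failed password for root from 203.0.113.1 port 40104 ssh2
Apr  1 13:00:12 gw sshd[2024]: Failed password for root from 203.0.113.2 port 40105 ssh2
Apr  1 13:00:14 gw sshd[2025]: Failed password for root from 203.0.113.3 port 40106 ssh2
Apr  1 13:00:20 gw sshd[2026]: Failed password for root from 203.0.113.1 port 40107 ssh2
Apr  1 13:00:22 gw sshd[2027]: Failed password for root from 203.0.113.2 port 40108 ssh2
Apr  1 13:00:24 gw sshd[2028]: Failed password for root from 203.0.113.3 port 40109 ssh2
Apr  1 13:10:00 gw sshd[2030]: Failed password for root from 192.0.2.10 port 40005 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failure(line, year=2006):
    """Return (timestamp, source_ip) for a failed-password line, else None.
    Syslog omits the year, so the caller supplies it (assumed 2006 here)."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]


def find_lockouts(log_text, threshold=3, window=timedelta(minutes=15),
                  lockout=timedelta(minutes=15), year=2006):
    """Sliding-window failure counter per source IP over chronologically ordered log lines.
    Returns a list of (ip, lockout_start, lockout_end) in the order the lockouts were imposed.
    Only logged failures move the counter: a connection that just hangs up neither adds
    to it nor resets it, unlike the ^D-at-the-login-prompt reset described in the thread."""
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    locked_until = {}           # ip -> datetime at which its lockout expires
    lockouts = []
    for line in log_text.splitlines():
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        ts, ip = parsed
        # Failures during an active lockout are ignored (the firewall would drop them anyway).
        if ip in locked_until and ts < locked_until[ip]:
            continue
        hits = [t for t in recent[ip] if t > ts - window] + [ts]
        if len(hits) >= threshold:
            locked_until[ip] = ts + lockout
            lockouts.append((ip, ts, ts + lockout))
            recent[ip] = []     # once the lockout expires the count starts from zero again
        else:
            recent[ip] = hits
    return lockouts


def summarize(ips, min_hosts=3, prefix=24):
    """Collapse blocked hosts into their /prefix network when at least min_hosts of them
    fall inside it; otherwise keep the single host. Returns sorted CIDR strings."""
    by_net = defaultdict(set)
    for ip in ips:
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    out = []
    for net, hosts in by_net.items():
        if len(hosts) >= min_hosts:
            out.append(str(net))
        else:
            out.extend(f"{h}/32" for h in hosts)
    return sorted(out, key=ipaddress.ip_network)


def iptables_rules(cidrs, chain="SSH_BLOCK"):
    """Render the deny list as iptables commands that refill a dedicated chain.
    Creating the chain and jumping to it from INPUT for tcp/22 is one-time setup
    left to the operator; the chain name is this example's own choice."""
    return [f"iptables -F {chain}"] + [f"iptables -A {chain} -s {c} -j DROP" for c in cidrs]


if __name__ == "__main__":
    found = find_lockouts(SAMPLE_LOG)
    for ip, start, end in found:
        print(f"{ip} locked at {start:%H:%M:%S} until {end:%H:%M:%S}")
    for rule in iptables_rules(summarize(ip for ip, _, _ in found)):
        print(rule)
```

Run against the sample, 198.51.100.7 is never blocked because its first failure has aged out of the 15-minute window by the time the third arrives, 192.0.2.10 is locked at its third failure and its attempt at 13:10 (after the lockout has expired) starts a fresh count, and the three 203.0.113.x hosts collapse into a single 203.0.113.0/24 rule. Adjusting the threshold, window and prefix is where the real tuning happens; the values here are small only so the constructed log stays short.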