Well, I run snort (http://www.snort.org/) and guardian scripts (http://www.chaotic.org/guardian/) to control extensive hacking on SSH. Because I have no guest or test or user accounts on my system, the IDS takes notice and guardian will modify the firewall (iptables) and cut off the attack for a predetermined amount of time.

I too cannot selectively allow specific external IP addresses, so the IDS does its job to look for strange SSH login attempts.

As always, keep your OpenSSH packages up-to-date and take care when setting accounts/passwords.

Trev.

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Alexander Dalloz
Sent: Tuesday, August 10, 2004 8:24 AM
To: For users of Fedora Core releases
Subject: Re: MORE SSH Hacking: heads-up <- TCP Wrappers

On Tue, 10.08.2004 at 14:59, Luis Miguel Cruz wrote:

> Use TCP Wrappers: /etc/hosts.allow and /etc/host.deny

But what does it help on systems where people have to log in from changing IPs and not from a fixed IP net? There is nothing really good we can do against it. Seems all the hosts are already owned and try to enter more systems.

Alexander
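
The block-for-a-fixed-time approach described in the reply above, sketched as an added example that works from sshd log lines instead of Snort alerts (it is not code from Snort, Guardian, or anyone in this thread). The threshold, counting window, block duration, function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd syslog lines (RFC 5737 documentation addresses), not real data.
SAMPLE_LOG = """\
Aug 10 08:01:02 host sshd[2211]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug 10 08:01:05 host sshd[2213]: Failed password for illegal user guest from 192.0.2.10 port 40115 ssh2
Aug 10 08:01:09 host sshd[2215]: Failed password for illegal user user from 192.0.2.10 port 40119 ssh2
Aug 10 08:03:30 host sshd[2230]: Failed password for trev from 198.51.100.7 port 51000 ssh2
Aug 10 08:04:00 host sshd[2231]: Accepted password for trev from 198.51.100.7 port 51002 ssh2
Aug 10 08:20:00 host sshd[2300]: Failed password for invalid user test from 203.0.113.5 port 33000 ssh2
"""

# Older OpenSSH logs "illegal user", newer releases log "invalid user".
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:illegal|invalid) user (\S+) from (\S+) port")

THRESHOLD = 3                      # assumed: attempts on nonexistent accounts
WINDOW = timedelta(seconds=60)     # assumed: counting window
BLOCK_FOR = timedelta(minutes=30)  # assumed: the "predetermined amount of time"

def find_blocks(log_text, year=2004):
    """Return {ip: (blocked_at, blocked_until)} for sources probing unknown accounts."""
    recent = defaultdict(deque)
    blocks = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # failures for real accounts and successful logins are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(3)
        if ip in blocks and when < blocks[ip][1]:
            continue  # still inside an active block
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > WINDOW:
            hits.popleft()  # forget attempts older than the window
        if len(hits) >= THRESHOLD:
            blocks[ip] = (when, when + BLOCK_FOR)
            hits.clear()
    return blocks

def is_blocked(blocks, ip, at):  # True while the timed block for ip is in force
    return ip in blocks and blocks[ip][0] <= at < blocks[ip][1]

if __name__ == "__main__":
    for ip, (start, end) in find_blocks(SAMPLE_LOG).items():
        print(f"{ip}: blocked {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Because only attempts on accounts that do not exist are counted, a legitimate user who mistypes a password from a changing IP address is not blocked, while a source cycling through guessed account names is cut off until the block expires.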