Re: More SSH 'trolling'

Blocking repeat SSH attacks with IPTables

http://www.dsrtech.com/sshblock/
On Thu, 2004-10-14 at 19:10, STYMA, ROBERT E (ROBERT) wrote:
> One more lockdown on ssh I have not seen mentioned recently
> is /etc/hosts.allow and /etc/hosts.deny.  The sshd uses these.
> If you have some idea of where people will be ssh'ing from, you
> can limit the IP ranges or domain names which can get in.
> If you don't match the list, you never even get to the login
> prompt.  For example, my home ssh only allows the IP address of
> my machine at work to get a login prompt.
> 
> Note that sshd (and tcpwrappers) looks at hosts.allow first and if
> it gets a thumbs up you get a login prompt.  It then looks at
> hosts.deny.  If you are not covered by this list, YOU GET IN!
> You probably want a hosts.deny file that reads:
> 
> ALL: ALL
> 
> That blocks everything except what is in hosts.allow. 
> 
> If you have a lot of people coming in from very diverse IP addresses,
> you could play the reverse game and use the hosts.deny to just block
> the IP ranges you see trolling.  Lots of flexibility here.  Breaking in
> to ssh is even harder when you can't get a login prompt.
> 
> Robert E. Styma
> Principal Engineer (DMTS)
> Lucent Technologies, Phoenix
> Email: stymar@xxxxxxxxxx
> Phone: 623-582-7323
> FAX:   623-581-4390
> Company:  http://www.lucent.com
> Personal: http://www.swlink.net/~styma
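
As an added illustration, not part of either message in this thread: the tcp_wrappers lookup order Robert describes (hosts.allow first, then hosts.deny, and access granted when neither file matches), simulated in POSIX sh over constructed hosts.allow/hosts.deny files, followed by the iptables "recent" match rules commonly used to throttle repeated SSH connection attempts. The temp-dir paths, the addresses and the 4-hits-in-60-seconds threshold are made up for the demo; the iptables rules are a standard approach and not a claim about what the linked sshblock page does. Only a subset of the hosts_access(5) pattern syntax is handled (ALL, an exact IPv4 address, a trailing-dot network prefix).

```shell
#!/bin/sh
# Added example (not from the thread): simulate the tcp_wrappers lookup order
# and print iptables rules that rate-limit new SSH connections.
# All paths, addresses and thresholds below are constructed for the demo.

# match_client PATTERN CLIENT: subset of hosts_access(5) client patterns:
# ALL, an exact IPv4 address, or a trailing-dot network prefix like 10.0.0.
match_client() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;
        *)   [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# file_matches FILE DAEMON CLIENT: returns 0 if any "daemon_list : client_list"
# line in FILE matches both the daemon and the client. Comments and blank
# lines are skipped; IPv6 (colons in the client) is not handled by this toy.
file_matches() {
    file=$1 daemon=$2 client=$3
    [ -r "$file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        case "$line" in *:*) ;; *) continue ;; esac
        daemons=$(printf '%s' "${line%%:*}" | tr ',' ' ')
        rest=${line#*:}
        clients=$(printf '%s' "${rest%%:*}" | tr ',' ' ')
        for d in $daemons; do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then
                for c in $clients; do
                    match_client "$c" "$client" && return 0
                done
            fi
        done
    done < "$file"
    return 1
}

# tcpd_decision ALLOWFILE DENYFILE DAEMON CLIENT: prints allow or deny using
# the tcp_wrappers order: a hosts.allow match wins, then hosts.deny, else ALLOW.
tcpd_decision() {
    if file_matches "$1" "$3" "$4"; then
        echo allow
    elif file_matches "$2" "$3" "$4"; then
        echo deny
    else
        echo allow   # listed in neither file: the "YOU GET IN" case
    fi
}

# write_sample_files DIR: constructed hosts.allow / hosts.deny for the demo.
write_sample_files() {
    cat > "$1/hosts.allow" <<'EOF'
# only the office address and the home LAN may reach the sshd login prompt
sshd: 203.0.113.7, 192.168.1.
EOF
    cat > "$1/hosts.deny" <<'EOF'
ALL: ALL
EOF
}

# ssh_ratelimit_rules: iptables rules (recent match) that drop a source after
# 4 new SSH connections within 60 seconds. Printed, not applied, so the demo
# runs unprivileged.
ssh_ratelimit_rules() {
    cat <<'EOF'
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
EOF
}

# Demo: decisions for three hosts, the no-hosts.deny trap, then the rules.
main() {
    dir=$(mktemp -d)
    write_sample_files "$dir"
    for ip in 203.0.113.7 192.168.1.25 198.51.100.9; do
        printf '%-14s %s\n' "$ip" "$(tcpd_decision "$dir/hosts.allow" "$dir/hosts.deny" sshd "$ip")"
    done
    printf 'unlisted host, no hosts.deny: %s\n' "$(tcpd_decision "$dir/hosts.allow" /dev/null sshd 198.51.100.9)"
    ssh_ratelimit_rules
    rm -rf "$dir"
}

main
```

The fourth line of output is the point of Robert's "ALL: ALL" advice: with hosts.allow listing only the office and home LAN but no hosts.deny at all, an unlisted address is still allowed through to the login prompt. The iptables rules sit in front of sshd entirely, so a source that trips the threshold is dropped before tcp_wrappers or the login prompt is reached; the two mechanisms complement each other rather than replace each other.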

