Re: Login attacks


 



That is what is nice for me.  My entire job is intrusion detection, hence Intrusion Detection and Firewall Technician.  I am starting to spend the majority of my time performing network scans throughout the network.  It is amazing what you will find running on your "private" network.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln@xxxxxxx
417-447-7535


Thomas Cameron wrote:
On Tue, 2004-12-07 at 14:24 -0600, Michael Yep wrote:
  
Hello

In my LogWatch report I get many login attacks, many from the same IP address.

sshd:
    Authentication Failures:
       root (218.232.109.187): 59 Time(s)
       adm (218.232.109.187): 2 Time(s)
       apache (218.232.109.187): 1 Time(s)
       nobody (218.232.109.187): 1 Time(s)
       operator (218.232.109.187): 1 Time(s)
    Invalid Users:
       Unknown Account: 43 Time(s)

I have permitRootLogin set to NO, and I use strong passwords, but can I 
just add these IP addresses to hosts.deny?
And if so, how would I set that up?
    

I tried to go down that road a few years back - whenever anyone tried to
probe my system I'd lock them out using iptables.

In not very much time my iptables rules were unmanageably long.  I found
that just disabling remote root login and enforcing strong passwords was
really the only way to deal with this kind of thing.

Thomas
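
An added example, not part of any message in this thread: one way to answer the hosts.deny question while keeping the list short is to deny only sources that fail repeatedly. It assumes sshd is built with TCP wrappers support and logs "Failed password" lines in the usual syslog form; the threshold, the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). THRESHOLD and the function names are
# assumptions; the log lines below are constructed, not real captures.

THRESHOLD=3

# Constructed sshd syslog lines. The last one carries a username chosen to
# look like "<user> from <address> port 1 ssh2"; the real peer is 203.0.113.5.
sample_log() {
cat <<'EOF'
Dec  7 14:20:01 host sshd[2101]: Failed password for root from 218.232.109.187 port 40112 ssh2
Dec  7 14:20:04 host sshd[2103]: Failed password for adm from 218.232.109.187 port 40120 ssh2
Dec  7 14:20:07 host sshd[2105]: Failed password for invalid user test from 218.232.109.187 port 40131 ssh2
Dec  7 14:31:40 host sshd[2190]: Failed password for alice from 192.0.2.10 port 51515 ssh2
Dec  7 14:40:02 host sshd[2233]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.5 port 40200 ssh2
EOF
}

# Read sshd log lines on stdin and print one "sshd: <address>" line, in
# hosts.deny syntax, for every IPv4 source with at least $1 failed logins.
deny_entries() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The line ends "... from <address> port <n> ssh2". Read the
            # address relative to the END of the line so that text inside
            # the client-supplied username cannot stand in for it.
            if ($(NF - 4) != "from") next
            ip = $(NF - 3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print "sshd: " ip }
    ' | sort
}

# Print candidates for review; append to /etc/hosts.deny only after checking
# that none of them is an address you log in from yourself.
sample_log | deny_entries "$THRESHOLD"
```

A single mistyped password (192.0.2.10 in the sample) stays below the threshold and is not listed.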

  
