nanog mailing list archives
Re: SSH brute force China and Linux: best practices
From: Bazy <bazy84 () gmail com>
Date: Sat, 30 Jan 2010 12:22:37 +0200
On Sat, Jan 30, 2010 at 6:47 AM, Bobby Mac <bobbyjim () gmail com> wrote:
Hola Nanog: So after many years of a hiatus from Linux, I recently dropped XP in favour of Fedora. Now that my happy windows blinders are off, I see alarming things. Ugly ssh brute force, DNS server IP spoofing with scans and typical script kiddie tactics. What are the new set of best practices for those running a NIX home computer. Yes I have a firewall and I do peruse my logs on a regular basis. BTW: ever drop a malformed URL to alert an admin to some thing that sucks? w3.hp.com/execs/makes/too/much/money or www.yourbuddiesdomain.com/it/is/all/rfc/space/use/1918/when/referring/to/non/routable Thanks, BobbyMac
Hello Bobby, Take a look at http://www.fail2ban.org and http://denyhosts.sourceforge.net. I'm not Chinese but I'm sure that brute-force attacks come from all over the world. Here's a little from my logwatch. Refused incoming connections: 211.234.60.44 (211.234.60.44): 1 Time(s) 218.3.88.114 (218.3.88.114): 1 Time(s) 58.68.119.187 (58.68.119.187): 2 Time(s) 89.149.149.132 (89.149.149.132): 5 Time(s) net137-143.paichai.ac.kr (203.250.137.143): 1 Time(s) Regards, Bazy
Current thread:
- SSH brute force China and Linux: best practices Bobby Mac (Jan 29)
- Re: SSH brute force China and Linux: best practices Bazy (Jan 30)
- Re: SSH brute force China and Linux: best practices James Hess (Jan 30)
- Re: SSH brute force China and Linux: best practices Bret Clark (Jan 30)
- Re: SSH brute force China and Linux: best practices Peter Beckman (Jan 30)
- Re: SSH brute force China and Linux: best practices James Hess (Jan 30)
- Re: SSH brute force China and Linux: best practices Chuck Anderson (Jan 30)
- Re: SSH brute force China and Linux: best practices Joel Jaeggli (Jan 30)
- Re: SSH brute force China and Linux: best practices Randy Bush (Jan 30)
- Re: SSH brute force China and Linux: best practices Joe Greco (Jan 30)
- Re: SSH brute force China and Linux: best practices Randy Bush (Jan 30)
- Re: SSH brute force China and Linux: best practices John Mason Jr (Jan 30)
- Re: SSH brute force China and Linux: best practices Bazy (Jan 30)