similar to: Need urgent help regarding security

2008 Jan 30
5
One approach to dealing with SSH brute force attacks.
Message-ID: <479F2A63.2070408 at centos.org> On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <johnny at centos.org> Subject Was: [CentOS] Unknown rootkit causes compromised servers > > SOME of the script kiddies check higher ports for SSH *_BUT_* I only see > 4% of the brute force attempts to login on ports other than 22. > > I would say that dropping brute force
2011 Apr 04
6
sshd: Authentication Failures: 137 Time(s)
Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown
2005 Apr 06
8
What is this Very Stupid DOS Attack Script?
We have been noticing flurries of sshd reject messages in which some system out there in the hinterlands hits us with a flood of ssh login attempts. An example: Apr 6 05:41:51 dc sshd[88763]: Did not receive identification string from 67.19.58.170 Apr 6 05:49:42 dc sshd[12389]: input_userauth_request: illegal user anonymous Apr 6 05:49:42 dc sshd[12389]: Failed password for illegal user
2015 Feb 13
5
Securing SSH wiki article outdated
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > On 02/13/2015 09:15 AM, Chris Adams wrote: > > Yeah, the old "move stuff to alternate ports" thing is largely a waste > > of time and just makes it more difficult for legitimate use. With > > large bot networks and tools like zmap, finding services on alternate > > ports is not that hard for the
2008 Jul 21
20
Ideas for stopping ssh brute force attacks
Just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have had attempts to ssh in using weird names like admin, appuser, nobody, etc. None of these are valid users. I know that I can block sshd altogether with iptables but that will not work for us. I did a little research on Google and found programs like sshguard and
2005 Oct 25
6
ipf stopped working on 5.3
I've had ipf working on a few 5.3 servers for quite awhile. Not too long ago some developers had to do some coding work and were coming from dynamic IP's. I (reluctantly) opened up SSH to the world. Immediately I started seeing the attacks where bots of some sort would try to break in with a variety of different users. So, I (thought) I closed it up again and told the developers to use a
2004 Sep 18
8
Attacks on ssh port
Hi, Is there a security problem with ssh that I've missed??? I keep getting these hordes of: Failed password for root from 69.242.5.195 port 39239 ssh2 with all kinds of different source addresses. They have a shot or 15 and then they are off again, but a little later on they're back and keep clogging my logs. Is there an "easy" way of getting these ip-numbers added to
2009 Mar 26
6
CentOS VPN server for iPhone
So far, OpenVPN has been working very well for me. Unfortunately, the iPhone doesn't have (yet?) an OpenVPN client, so I'm forced to work with what's available. The options are: L2TP, PPTP and IPSec. If you were to install a VPN endpoint on CentOS, which protocol would you prefer? The condition is to avoid shabby VPN servers that make the system less secure. I've seen some
2014 Oct 02
3
Securing SSH --> Change ports
In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the only one that can use ports below 1024. Root is the only user that can listen to that port or do
2015 Jul 29
2
Deafness
> On Jul 28, 2015, at 21:52 , Steffan Cline <steffan at hldns.com> wrote: > > Ok, I think I have come a little further. > > When dovecot stops accepting connections, I checked netstat and found this: > > [root at hosting1 ~]# netstat -an | grep 993 > tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN > tcp 0 0
2008 Jun 12
2
aSTERISK / Vicidial systems over 4MB fiber
Hello everyone, As I am new to the asterisk community (although have been on the list reading for about 6 months) I wanted to see what users would recommend for security to protect several asterisk/ vicidial servers over a fiber connection. Currently I have a managed switch (Tellabs 8813-310) from time warner but I am having intrusion issues on my linux server which I think are contributing
2005 Dec 19
7
Brute Force Detection + Advanced Firewall Policy
Any BFD/AFP software available for FreeBSD 4.10? I'm getting flooded with ssh and ftp attempts.
2005 Sep 22
2
Tunnel-only SSH keys
Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence
2006 Aug 19
9
SSH scans vs connection ratelimiting
Gang, For months now, we're all seeing repeated bruteforce attempts on SSH. I've configured my pf install to ratelimit TCP connections to port 22 and to automatically add IP-addresses that connect too fast to a table that's filtered: table <lamers> { } block quick from <lamers> to any pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 modulate
2019 May 13
2
root .bash_profile?
On Mon, 2019-05-13 at 16:20 -0400, Bee.Lists wrote: > > On May 13, 2019, at 2:46 PM, Pete Biggs <pete at biggs.org.uk> wrote: > > > > > First, the ~ which might not apply to root. > > > > Why do you think that? '~' is just shell shorthand for user's home > > directory. > > root quite often isn't recognized as a proper user.
2006 Mar 10
6
sshd hack
I'm not really a programmer and I recently came across this hack to insert a short sleep statement into auth-passwd.c within sshd. It seems to quickly confuse automated dictionary attacks. I've moved sshd to higher ports but apparently the cretins are now scanning to look for that and attacking on whatever port sshd shows up on. Anyway, the link to the hack is here:
2010 Aug 27
1
tcpdump -z
Hi, This is a forward message from tcpdump-workers mail list: === 8< ================ >8 === From: ef <blob.bb.a@gmail.com> Subject: tcpdump -z: command execution Date: Fri, 27 Aug 2010 09:33:48 +0200 To: tcpdump-workers@lists.tcpdump.org Hello, Thx for tcpdump, very valuable tool! Was looking at the new version of tcpdump a few days ago and saw this option: " -z Used in
2003 May 28
1
FW: Question about logging.
I'm forwarding this to security@, as I'm getting no replies on ipfw@. Hope it's relevant enough for you :( ---Original Message----- From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Erik Paulsen Skålerud Sent: Wednesday, May 28, 2003 1:02 AM To: ipfw@freebsd.org Subject: Question about logging. Sorry for asking this, It's probably been
2007 Mar 21
4
Reality check: IPFW sees SSH traffic that sshd does not?
This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests to an internal machine that only accepts public key authentication; that
2009 Mar 23
1
Security advice, please
On Tuesday 23 December 2008 15:38:17 Warren Young wrote: > Michael Simpson wrote: > >> GRC reports that ports are stealthed > > > > Try www.auditmypc.com or nmap-online.com rather than grc to look for open > > ports > > What advantages do they have, in your opinion? > > >> there a better way than opening port 143? > > > > ssh tunnelling?