Displaying 20 results from an estimated 10000 matches similar to: "One approach to dealing with SSH brute force attacks."
2010 Jan 11
2
Securing http authentication from brute force attacks
We have several web applications deployed under Apache that require
a user id / password authentication. Some of these use htdigest and
others use the application itself.
Recently we have experienced several brute force attacks against
some of these services which have been dealt with for the nonce by
changes to iptables. However, I am not convinced that these changes
are the answer.
Therefore
2009 May 14
6
Dealing with brute force attacks
Over the weekend one of our servers at a remote location was
hammered by an IP originating in mainland China. This attack was
only noteworthy in that it attempted to connect to our pop3 service.
We have long had an IP throttle on ssh connections to discourage
this sort of thing. But I had not considered the possibility that
other services were equally at risk. Researching this on the web
does
2011 Apr 04
6
sshd: Authentication Failures: 137 Time(s)
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource
And this is part of logwatch:
sshd:
Authentication Failures:
unknown
2010 Jun 22
1
iptables and kvm
I am experimenting with a kvm virtual machine. At the moment I am
trying to configure iptables for the host instance. In Xen
terms I would call this Dom0 but I do not know the appropriate KVM
term, if any.
The setup I have is a single NIC (eth0) host bridged (bridge0). I
want iptables to allow all host generated traffic (! bridge0 I
think) and to check all other traffic for brute force
2008 Jul 21
20
Ideas for stopping ssh brute force attacks
just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc.... None of these are
valid users. I know that I can block sshd altogether with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and
2015 Dec 28
9
Firewall trouble?
I recently tried adding a firewall to my Samba 4 server using the port
information I found on the wiki. Below is a dump of the resulting rules.
root@dc01:~# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m
2008 Nov 28
6
How to delay failed ssh auth
Hi!
I need to delay failed ssh password authentication as an additional
measure against brute force ssh attacks. I understand that should be
accomplished through pam, but googling gave me no example. I have CentOS
5.2.
--
Veiko Kukk
2005 Nov 16
11
Need urgent help regarding security
Good Day!
I think we have a serious problem. One of our old
servers running FreeBSD 4.9 has been compromised and
is now connected to an ircd server.
195.204.1.132.6667 ESTABLISHED
However, we still haven't brought the server down in
an attempt to track the intruder down. Right now we
are clueless as to what we need to do..
Most of our servers are running legacy operating
systems(old
2006 Aug 30
3
No tcp wrappers, other ideas to help stop brute force attacks?
I'm looking for a way to deny access to dovecot from certain IP
addresses, basically to help prevent brute force attacks on the
server.
Right now I'm using denyhosts which scans /var/log/secure for
authentication failures which then can add an entry to
/etc/hosts.deny, but since dovecot doesn't have tcp wrappers support,
that doesn't do anything.
It doesn't look like I can
2005 Oct 25
5
Problem SSH
My CentOS 4.1 only accepts connections from localhost; my conf file is
default.
error: ssh: connect to host 192.168.1.78 port 22: No route to host
thanks
2015 Feb 04
5
Another Fedora decision
On Tue, February 3, 2015 14:01, Valeri Galtsev wrote:
>
> On Tue, February 3, 2015 12:39 pm, Les Mikesell wrote:
>> On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev
>> <galtsev at kicp.uchicago.edu> wrote:
>>>
>>> Sounds so I almost have to feel shame for securing my boxes no
>>> matter what job vendor did ;-)
>>
>> Yes, computers and
2024 Apr 25
1
how to block brute force attacks on reverse tunnels?
On 25.04.24 17:15, openssh-unix-dev-request at mindrot.org digested:
> Subject: how to block brute force attacks on reverse tunnels?
> From: Steve Newcomb <srn at coolheads.com>
> Date: 25.04.24, 17:14
>
> For many years I've been running ssh reverse tunnels on portable Linux,
> OpenWRT, Android etc. hosts so they can be accessed from a server whose
> IP is stable
2012 Dec 15
3
Cannot build custom locale with utf-8 charset
I am trying, without success, to compile a custom locale for the utf-8
character set. I have issued this command:
localedef --no-archive -f UTF-8 -i /usr/share/i18n/locales/en_CA@yyyy-mmm-dd en_CA@yyyy-mmm-dd.utf8
which produces the requisite files without reporting an error but
which none-the-less insists on using the iso-8859-1 charset:
LC_ALL=en_CA@yyyy-mm-dd locale charmap
2010 Jun 29
3
Find a way to block brute force attacks.
Hello list.
I'm trying to find a way to block any ip that tries to login more than three
times with the wrong password and try to log in three different extensions. For
I have suffered some brute force attacks on my asterisk in the morning
period.
The idea would be: Any ip with three attempts without success to log into an
extension is blocked.
Is there any way to accomplish this directly
2014 Aug 20
2
Port scanning from Microsoft?
This morning's activity log shows this:
. . .
2006 Sep 18
3
Gnome Desktop Screensaver Security Lock Override?
We deployed our first CentOS-4 based workstation this past spring to see
if we can conveniently replace all, or at least most, of our MS-Win based
user systems with Linux boxes instead. Generally this trial unit has
proved a success but there is one lingering problem that I cannot seem to
find a straight-forward answer to: Is there an administrator override to a
user's password protected
2005 Feb 23
9
shorewall friendly way of limiting ssh brute force attacks?
I was wondering if anyone had implemented rules like this in shorewall:
http://blog.andrew.net.au/tech
I see tons of brute force attempts on the machines I administer, and I like
the idea of limiting them without the need for extra daemons scanning for
attacks.
Thanks,
Dale
--
Dale E. Martin - dale@the-martins.org
http://the-martins.org/~dmartin
2015 Dec 29
1
Firewall trouble?
Alright, I have setup the new rules and am waiting to see if I have any
issues. If I do, I will keep working on it. I also read the article
below, which mentions exactly what you I was told about 2008 and newer
using different ports.
https://support.microsoft.com/en-us/kb/929851
Here is the new configuration:
root@dc01:~# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m
2015 Dec 29
1
Firewall trouble?
I just looked up 42 and 68. I do not use WINS or BOOTP. I am removing
range 1024-5000 and replacing it with 49612-65535 now. I already allowed
389 TCP.
Lead IT/IS Specialist
Reach Technology FP, Inc
On 12/29/2015 03:58 AM, L.P.H. van Belle wrote:
> Hai,
>
> I'm missing a few things.
>
> And maybe time server port to open? Are your dc's time server also?
> These are the
2015 Feb 03
3
Another Fedora decision
I think it well to recall that the change which instigated this
tempest was not to the network operations of a RHEL based system but
to the 'INSTALLER' process, Anaconda. Now, I might be off base on
this but really, ask yourself: Who exactly uses an installer program?
And what is the threat model being addressed by requiring that the
installer set a suitably strong password for root?