On Sat, 30 Jan 2010, Bazy wrote:
> On Sat, Jan 30, 2010 at 6:47 AM, Bobby Mac <bobbyjim@gmail.com> wrote:
>> So after many years of a hiatus from Linux, I recently dropped XP in favour of Fedora. Now that my happy windows blinders are off, I see alarming things. Ugly ssh brute force, DNS server IP spoofing with scans and typical script kiddie tactics.
>
> Take a look at http://www.fail2ban.org and http://denyhosts.sourceforge.net. I'm not Chinese but I'm sure that brute-force attacks come from all over the world. Here's a little from my logwatch.

For securing ssh, better than either of those is sshguard. fail2ban is a Python script, as is denyhosts. Script-based services are fine, but native compiled code is better, lower memory, less overhead.

sshguard is better because it's written in C, can read multiple log formats, can block for many popular services (dovecot, ftp daemons, even an imap daemon) and it works with many popular existing firewalls: pf, netfilter, iptables, ipfw, ipfilter, tcpd, even IBM's AIX firewall.

http://www.sshguard.net/

I've run it for 3 years now, solid as a rock. Questions are quickly answered in the mailing lists by the lead developer Mij.

Additionally, you may want to consider using SSH Key Authorization only, and disable password authentication. This guarantees that brute force attacks will fail, because they only use username + Password (AFAICT), not random private keys.

Here is a good article on how to enable Key-based auth (may already be enabled), as well as how to turn Password Auth off in ssh to protect/eliminate ssh brute force successes.

http://www.debuntu.org/ssh-key-based-authentication

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman@angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------
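
An added example, not part of the original message: a small check that password logins really are switched off in an `sshd_config`, which fails quietly when the directive is left commented out, duplicated, or re-enabled under a `Match` block. The defaults table, the sample configs and the function names are assumptions made for illustration; `Include` files are not followed, and keyboard-interactive is conservatively treated as able to prompt for a password.

```python
import re

# OpenSSH defaults when a keyword is absent (assumed from sshd_config(5)).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older spelling of the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample configs, not taken from the original message.
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
COMMENTED_OUT = "#PasswordAuthentication no\nPubkeyAuthentication yes\n"
DUPLICATE = "PasswordAuthentication yes\n" + HARDENED
MATCH_EXCEPTION = HARDENED + "Match User backup\n    PasswordAuthentication yes\n"


def effective_settings(config_text):
    """Return (global_settings, match_overrides) for the keywords in DEFAULTS.

    sshd keeps the first value it reads for a keyword, so later duplicates
    are ignored. Lines after a Match line apply only to matching connections
    and are reported separately when they turn a password method back on.
    """
    settings, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value
        elif key in DEFAULTS:
            flag = value.split()[0].lower() if value else ""
            if match is None:
                settings.setdefault(key, flag)  # first occurrence wins
            elif flag == "yes" and key != "pubkeyauthentication":
                overrides.append((match, key))
    return {**DEFAULTS, **settings}, overrides


def password_login_possible(config_text):
    """True if a password-style login can still be accepted somewhere."""
    settings, overrides = effective_settings(config_text)
    return (settings["passwordauthentication"] == "yes"
            or settings["kbdinteractiveauthentication"] == "yes"
            or bool(overrides))
```

To audit a real host, pass the contents of its `sshd_config` to `password_login_possible` and inspect the second element returned by `effective_settings` for per-user exceptions.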