[clug] Stopping them at the door

Kim Holburn kim.holburn at anu.edu.au
Mon Feb 14 01:18:31 GMT 2005


I use the ipt_recent module.

After a certain number of, say, ssh attempts in a certain amount of time 
from an IP number, I shun that IP number for, say, several days.

Kim

On 2005 Feb 14, at 11:33 AM, Paul Wayper wrote:

> Hi there!
>
> As a good administrator, I read the nightly logs of attempted logins 
> and send a message to the abuse contacts for each IP that tries to do 
> a login scan of my machine.  All of the attacks I've seen so far are 
> just scans of common insecure logins, but what I'm worried about is 
> coming in in the morning to find the logs saying someone's bashed away 
> with a brute force password checker and found my password (they'll be 
> trying to find an eight letter made-up word, and I imagine if they 
> started a minute after I left in the afternoon they'd still be bashing 
> away on it by the time I came back next morning.)
>
> The question I have is: if someone's managed to get access to a 
> non-root account, how certain is it that they can get root access?  Is 
> it just going to be a matter of uploading a program or typing in a 
> special command, or is there something I can do to slow these types of 
> attacks down?  Is SELinux the answer?  Or is it just a matter of 
> picking good passwords for all the login accounts and hoping?
>
> On a related note, how do I lengthen the amount of time the system 
> stores the security logs?
>
> Thanks in advance,
>
> Paul
>
> -- 
> -- Paul Wayper at ANU - +61 2 6125 0643
>
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
-- 
Kim Holburn
Network Manager
National Information and Communication Technology Australia
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121 aim://kimholburn
Email: kim.holburn at anu.edu.au  - PGP Public Key on request  
callto://kholburn
Cacert Root Cert: http://www.cacert.org/index.php?id=16 -> 
http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.

Use ISO 8601 dates [YYYY-MM-DD] 
http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961
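An added example of the kind of ipt_recent ("recent" match) rule set Kim describes, not taken from either mail: the thresholds, the SSH_SHUN/SSH_BAN chain names, the sshnew/sshban list names and the sample list file are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: shun a source after too many new
# SSH connections in a short window, using the iptables "recent" match.
# Thresholds below are assumed values; tune them to your own traffic.
SSH_PORT=22          # port watched
HITS=4               # this many new connections ...
WINDOW=60            # ... within this many seconds trigger a ban
BAN_SECONDS=259200   # ban length: 3 days
IPT=${IPT:-iptables}

# Print the rules instead of applying them so they can be reviewed first;
# as root, `ssh_shun_rules | sh` loads them. Note --hitcount cannot exceed the
# module's ip_pkt_list_tot (default 20), and a list holds ip_list_tot (default
# 100) sources before the oldest entries are recycled.
ssh_shun_rules() {
    cat <<EOF
$IPT -N SSH_SHUN
$IPT -N SSH_BAN
$IPT -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_SHUN
$IPT -A SSH_SHUN -m recent --name sshban --rcheck --seconds $BAN_SECONDS -j DROP
$IPT -A SSH_SHUN -m recent --name sshnew --set
$IPT -A SSH_SHUN -m recent --name sshnew --rcheck --seconds $WINDOW --hitcount $HITS -j SSH_BAN
$IPT -A SSH_BAN -m recent --name sshban --set -j DROP
EOF
}

# List who is currently shunned. The kernel exposes each list as a file,
# one "src=<addr> ..." line per source (/proc/net/xt_recent/<name> on current
# kernels, /proc/net/ipt_recent/<name> on the 2.6-era kernels of this thread).
# $1 is the path to that file; only the addresses are printed.
banned_sources() {
    sed -n 's/^src=\([0-9a-fA-F.:]*\).*/\1/p' "$1"
}

# Constructed sample of a list file (documentation addresses, not real data),
# so banned_sources can be exercised without the module loaded.
SAMPLE_LIST=$(mktemp)
cat >"$SAMPLE_LIST" <<'EOF'
src=192.0.2.10 ttl: 64 last_seen: 4295120 oldest_pkt: 4 4295060, 4295080, 4295100, 4295120
src=198.51.100.7 ttl: 51 last_seen: 4295300 oldest_pkt: 4 4295230, 4295250, 4295280, 4295300
EOF

ssh_shun_rules
banned_sources "$SAMPLE_LIST"
```

Because rule 4 uses --rcheck rather than --update, a banned source stays dropped for BAN_SECONDS after it was added to sshban and its continued attempts do not extend the ban; change it to --update if you want the clock to restart on every attempt.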
