[clug] Stopping them at the door
Kim Holburn
kim.holburn at anu.edu.au
Mon Feb 14 01:18:31 GMT 2005
I use the ipt_recent module.
After a certain number of, say, ssh attempts in a certain amount of time
from an IP number, I shun that IP number for, say, several days.
Kim
On 2005 Feb 14, at 11:33 AM, Paul Wayper wrote:
> Hi there!
>
> As a good administrator, I read the nightly logs of attempted logins
> and send a message to the abuse contacts for each IP that tries to do
> a login scan of my machine. All of the attacks I've seen so far are
> just scans of common insecure logins, but what I'm worried about is
> coming in in the morning to find the logs saying someone's bashed away
> with a brute force password checker and found my password (they'll be
> trying to find an eight letter made-up word, and I imagine if they
> started a minute after I left in the afternoon they'd still be bashing
> away on it by the time I came back next morning.)
>
> The question I have is: if someone's managed to get access to a
> non-root account, how certain is it that they can get root access? Is
> it just going to be a matter of uploading a program or typing in a
> special command, or is there something I can do to slow these types of
> attacks down? Is SELinux the answer? Or is it just a matter of
> picking good passwords for all the login accounts and hoping?
>
> On a related note, how do I lengthen the amount of time the system
> stores the security logs?
>
> Thanks in advance,
>
> Paul
>
> --
> -- Paul Wayper at ANU - +61 2 6125 0643
>
--
Kim Holburn
Network Manager
National Information and Communication Technology Australia
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121 aim://kimholburn
Email: kim.holburn at anu.edu.au - PGP Public Key on request
callto://kholburn
Cacert Root Cert: http://www.cacert.org/index.php?id=16 ->
http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD]
http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
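
The approach described in the reply above (count new ssh connections per source address with the recent match, then shun the address for days), as an added example that is not part of the original message or Kim's own ruleset. The chain names SSH_GUARD and SSH_SHUN, the list names ssh_try and ssh_shun, and the thresholds passed in are assumptions; the function only prints the rules so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print iptables rules that shun a source address after
# repeated new ssh connections. Names and thresholds are assumptions.
# Usage: ssh_shun_rules TRIES WINDOW_SECONDS SHUN_DAYS [PORT]
ssh_shun_rules() {
    tries=$1 window=$2 days=$3 port=${4:-22}
    for n in "$tries" "$window" "$days" "$port"; do
        case $n in
            ''|*[!0-9]*|0*) echo "not a positive integer: '$n'" >&2; return 2 ;;
        esac
    done
    # The recent module stores ip_pkt_list_tot timestamps per address
    # (default 20); a larger --hitcount can never be satisfied.
    if [ "$tries" -gt 20 ]; then
        echo "hitcount $tries exceeds default ip_pkt_list_tot (20)" >&2
        return 2
    fi
    shun=$((days * 86400))
    cat <<EOF
# Helper chain: record the offender in the shun list, then drop.
iptables -N SSH_SHUN
iptables -A SSH_SHUN -m recent --name ssh_shun --set -j DROP
iptables -N SSH_GUARD
# Already shunned: drop. --update refreshes the timestamp, so an address
# that keeps knocking stays shunned; use --rcheck for a fixed-length shun.
iptables -A SSH_GUARD -m recent --name ssh_shun --update --seconds $shun -j DROP
# Record this attempt, then shun if it is attempt number TRIES in the window.
iptables -A SSH_GUARD -m recent --name ssh_try --set
iptables -A SSH_GUARD -m recent --name ssh_try --rcheck --seconds $window --hitcount $tries -j SSH_SHUN
# Only new connections are counted; packets that fall through SSH_GUARD
# return to INPUT for the normal accept rules.
iptables -A INPUT -p tcp --dport $port -m state --state NEW -j SSH_GUARD
EOF
}
```

Each recent list tracks 100 addresses by default (the ip_list_tot module parameter), so on a heavily scanned host older shunned entries are evicted before the shun period ends unless that limit is raised when the module is loaded.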