Re: crazy hackers and logwatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/9/05, Justin Conover <justin.conover@xxxxxxxxx> wrote:
> On 8/9/05, Brian Gaynor <briang@xxxxxxxxxxx> wrote:
> > On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> > > A better rule (IMHO), I use:
> > >
> > > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
> > >
> > > This has the advantage of only blocking the offending IP if they go
> > > over 1/min, but letting all other ip's still have access until they go
> > > over the limit.
> >
> > I've used similar rules for some time now and they've proven very
> > effective. The only problem I've run into is with subversion over SSH,
> > it generates a lot of  short connections sometimes (for example when
> > browsing a repository) and can look like an attack to this kind of
> > block. For that reason I am interested in testing DENYHOSTS.
> >
> > --
> > Brian Gaynor
> > www.pmccorp.com
> > FC4/Linux on DELL Inspiron 5160 3.0Ghz
> > canis 08:55:20 up 26 min, 1
> > user, load average: 0.27, 0.22,
> >
> >
> > --
> > fedora-test-list mailing list
> > fedora-test-list@xxxxxxxxxx
> > To unsubscribe:
> > http://www.redhat.com/mailman/listinfo/fedora-test-list
> >
> 
> 
> Bastards really want in.
> 
> 
> sshd:
>   Authentication Failures:
>      root (61.185.220.46): 528 Time(s)
>      unknown (61.185.220.46): 221 Time(s)
>      mail (61.185.220.46): 2 Time(s)
>      mysql (61.185.220.46): 2 Time(s)
>      news (61.185.220.46): 2 Time(s)
>      adm (61.185.220.46): 1 Time(s)
>      apache (61.185.220.46): 1 Time(s)
>      bin (61.185.220.46): 1 Time(s)
>      ftp (61.185.220.46): 1 Time(s)
>      games (61.185.220.46): 1 Time(s)
>      ldap (61.185.220.46): 1 Time(s)
>      lp (61.185.220.46): 1 Time(s)
>      nobody (61.185.220.46): 1 Time(s)
>      operator (61.185.220.46): 1 Time(s)
>      root (201.145.24.178): 1 Time(s)
>      rpm (61.185.220.46): 1 Time(s)
>      squid (61.185.220.46): 1 Time(s)
>      sshd (61.185.220.46): 1 Time(s)
>   Invalid Users:
>      Unknown Account: 221 Time(s)
>      Bad User: root: 1 Time(s)
>   Sessions Opened:
>      justin: 1 Time(s)
> 
ssh bob@<myIP>
Stay the **** off my box!  Loosers, you can't get in.  Your a bunch of
script-kiddes that suckled on your momma to long.  If you think your
talented, than use it to do real hacking, like on Open Source Linux. 
Otherwise, take your noobie cracking ass back to school!

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
http://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]