boot force attack help
Doran L. Barton
fozz at iodynamics.com
Mon Jul 25 16:29:36 MDT 2005
Michael Torrie wrote:
> I find this a little odd, though, since I haven't had a compromised
> Fedora Core machine ever, as long as I just did yum updates (as it
> sounds like you did).
These types of SSH attacks stem from using weak passwords. The worst, of
course, is when you allow root login via SSH and have a weak root password.
To prevent this from happening on a Fedora Core system, I always edit
the /etc/ssh/sshd_config file after installation and turn
PermitRootLogin to "no."
Then, set up iptables to only allow ssh access from trusted hosts or
configure sshd to only allow logins with keys and not passphrases.
If you must allow ssh logins from any source IP, consider a program like
denyhosts.py[1] that will parse your log files every X minutes (as
dictated by your crontab entry) to determine which IPs are trying to
"boot force" their way into your system and set up the appropriate
/etc/hosts.deny entries.
-=Fozz
[1] <http://denyhosts.sf.net/>
--
fozz at iodynamics.com is Doran L. Barton, president, Iodynamics LLC
Iodynamics: Linux solutions - Web development - Business connectivity
"It's the true realization of my aspiration. I hope to play along with the
heartiest gadgetry manifesting my sensibility."
-- Seen on a Sanyo appliance box
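
The log-parsing approach described in the message above, as an added example (not part of the original post and not DenyHosts' own code): it counts failed sshd password attempts per source IP and produces tcp_wrappers-style /etc/hosts.deny entries. The log lines are constructed, and the threshold, allow list and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample of sshd syslog lines (documentation IP ranges only).
SAMPLE_LOG = """\
Jul 25 03:11:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 25 03:11:03 host sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Jul 25 03:11:05 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jul 25 03:11:07 host sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40123 ssh2
Jul 25 03:11:09 host sshd[2109]: Failed password for illegal user guest from 203.0.113.7 port 40130 ssh2
Jul 25 08:30:12 host sshd[3050]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jul 25 08:30:20 host sshd[3050]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Jul 25 09:00:00 host sshd[3100]: Failed password for bob from 192.0.2.44 port 52000 ssh2
"""

# Anchored at end of line: the address is read from the trailing field that
# sshd itself writes, never from text inside the client-supplied login name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def failed_counts(log_text):
    """Return a Counter of failed password attempts keyed by source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def deny_entries(log_text, threshold=5, allow=(), existing=""):
    """Build hosts.deny lines for IPs at or over the threshold.

    allow    -- trusted IPs that must never be blocked (assumed policy)
    existing -- current hosts.deny text, so entries are not duplicated
    """
    already = set(re.findall(r"^sshd:\s*(\S+)", existing, re.M))
    return [
        f"sshd: {ip}"
        for ip, n in sorted(failed_counts(log_text).items())
        if n >= threshold and ip not in allow and ip not in already
    ]

if __name__ == "__main__":
    # A cron job would read the real auth log and append these lines.
    for entry in deny_entries(SAMPLE_LOG):
        print(entry)
```
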