[CentOS] Defending againts simultanious attacks
mike.redan at bell.ca
mike.redan at bell.ca
Thu Feb 15 13:20:29 UTC 2007
>
> they tried with many username, including root.
> it's comes from different IP. some of them are foreign website.
>
> How do i make my centos become smarter in handling this kind
> of attacks.
>
> eventhough i've disable all the user accounts, left only the
> admin accounts. making the password so hard, longer and
> combining alphabet, numbers and characters... yet i dont want
> the attackers keep on trying.
>
> any suggestions?
>
Just do what you are doing. Keep only essential accounts active, set
strong passwords. Keep up-to-date on patches.
There are tonnnes of people that will scan your machine that is
connected to the internet. As another person said, you can use some
scripting along with IPTables to auto-block some people..if you know
exactly where you will be SSH'ing in from..setup IPTables to only allow
that address to SSH in.
If you are looking for something to play with..hmm..:
-port knocking
-two factor authentication
-denyhosts script previously mentioned
-just don't open SSH to the world
Mike
More information about the CentOS
mailing list