[CentOS] Intrusion Attempt Prevension - iptables problems
David Klann
klann at wins.net
Mon Jan 12 20:41:15 UTC 2009
New to the list, so please forgive unintentional netiquette
transgressions...
On Mon, 12 Jan 2009 14:24:54 -0600
"James B. Byrne" <byrnejb at harte-lyne.ca> wrote:
> Thanks for the help. I completely missed that error.
>
> <snip>
>
> throttle threshold of 15 seconds. I am still concerned about any
> brute force attempt to discover the root password but, given no more
> than four connections per minute is possible, just how concerned
> should I be?
>
> <snip>
> completely defeat the current throttle rules. Should I also throttle
> the total number of new connections from all IPs?
James,
Throttling all connection attempts to SSH is probably a good idea.
Discounting DoS or DDoS attacks, my solution to nefarious SSH attempts
is threefold: 1) run sshd on a port other than 22 (I know, obscurity
is not security...), 2) disable the root account (e.g., set the root
password to '*' in /etc/shadow), and allow only sudo(1) access to
privileged commands (this is the default on Ubuntu systems), and 3)
disable password authentication in sshd_config and require all ssh
users to log in using public key authentication.
Probably other things one can do, but I think this is a good first
step.
Best,
-David Klann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20090112/6413314e/attachment.sig>
More information about the CentOS
mailing list