[CentOS] Paranoid Firewalling

Sun Oct 9 00:56:02 UTC 2005
Sam Drinkard <sam at wa4phy.net>

Thanks to all for responding.  I've looked over the denyhosts 
files/faq/etc., and that looks like the tool I'll wind up using, both 
here and on my mailserver downtown.  I know from the BSD machine 
downtown, many of the attempts are not so much dictionary types but 
random/casual types of attempts, yet it still is a bother to see all the 
failed attempts in the logs.  My CentOS machine is down until I get yet 
another new mobo.. long story, but this makes 3, and this one was DOA.  
Anyhow, it will at least cut down on some of the wasted bandwidth here 
at home, which is, at times, in short supply.  I'd considered a non-std 
port for ssh, but I have some folks who would never remember to tell ssh 
to use a non-std port.  Some have a hard enough time getting logged in 
using the normal stuff...

I guess I need to read a bit more on the ALL:PARANOID bit.. that also 
might work for here, but not downtown.

Sam

Ryan wrote:

>On Saturday 08 October 2005 02:41 pm, Matt Hyclak wrote:
>
>>On Sat, Oct 08, 2005 at 01:50:59PM -0400, Sam Drinkard enlightened us:
>>
>>>Looking at that perl script gave me an idea, but yet a question.  I
>>>notice there is a line that says something about "Max Retries".  Is that
>>>something that is configurable somewhere, or can be turned on?
>>>
>>>I know there have been long discussions about blocking the brute force
>>>attempts at breakins, but at the time I did not see much need for it.
>>>Not long after that, I started seeing somewhere between 100 and as high
>>>as 800 attempts to break in via the sshd.  Not that I'm too worried
>>>about someone guessing a password, but in those numbers, it does take
>>>some bandwidth.  I'd like to see something like Max Retries of 3, so if
>>>someone tries 3 times to guess the password, or different usernames, it
>>>would throw their IP/hostname into the /etc/hosts.deny file,
>>>permanently.  BSD does things a bit differently, in that the hosts.allow
>>>does both the allows and the denies, making hosts.deny pretty much
>>>moot.  Given those thoughts, what kind of something is available to do
>>>just that -- the max retries thingy?
>>>
>>>Thanks...
>
>Try using ALL: PARANOID in /etc/hosts.deny - this will drop a lot of the 
>trojaned residential dsl/cable modems.
>_______________________________________________
>CentOS mailing list
>CentOS at centos.org
>http://lists.centos.org/mailman/listinfo/centos

-- 
Snowman
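The "max retries of 3, then into hosts.deny" idea from the thread, as an added example that is not part of the original post or of denyhosts: it counts failed sshd logins per source address in syslog-format lines (constructed samples below, not real log data), skips addresses already whitelisted, and appends `sshd: IP` entries to hosts.deny without duplicating ones already present. The tcp_wrappers `ALL: PARANOID` line in the sample hosts.deny is the one Ryan suggests.

```python
import re
from collections import Counter

# Constructed sample log lines in OpenSSH's syslog format (not from the thread).
SAMPLE_LOG = """\
Oct  8 13:50:01 host sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Oct  8 13:50:03 host sshd[2311]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
Oct  8 13:50:05 host sshd[2311]: Failed password for root from 203.0.113.7 port 51141 ssh2
Oct  8 13:52:10 host sshd[2320]: Failed password for sam from 198.51.100.9 port 40022 ssh2
Oct  8 13:52:40 host sshd[2325]: Accepted password for sam from 198.51.100.9 port 40023 ssh2
Oct  8 13:55:00 host sshd[2330]: Failed password for invalid user test from 192.0.2.44 port 33001 ssh2
Oct  8 13:55:01 host sshd[2330]: Failed password for invalid user test from 192.0.2.44 port 33002 ssh2
Oct  8 13:55:02 host sshd[2330]: Failed password for invalid user guest from 192.0.2.44 port 33003 ssh2
"""

# Matches both "Failed password for USER from IP" and "... for invalid user USER from IP".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port"
)


def failed_attempts(log_text):
    """Count failed sshd logins per source IP; any username counts toward the limit."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def hosts_to_deny(counts, max_retries=3, allowed=()):
    """IPs at or above the retry limit, minus any you have whitelisted in hosts.allow."""
    return sorted(ip for ip, n in counts.items() if n >= max_retries and ip not in allowed)


def merge_hosts_deny(existing_text, ips, daemon="sshd"):
    """Return hosts.deny text with 'daemon: IP' lines added only for IPs not already listed."""
    present = set()
    for line in existing_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" in line:
            _, clients = line.split(":", 1)       # "sshd: 1.2.3.4, 5.6.7.8" -> client list
            present.update(clients.replace(",", " ").split())
    new_lines = [f"{daemon}: {ip}" for ip in ips if ip not in present]
    text = existing_text if (not existing_text or existing_text.endswith("\n")) else existing_text + "\n"
    return text + "".join(l + "\n" for l in new_lines)
```

Running it twice over the same log leaves hosts.deny unchanged, so it is safe to schedule from cron.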