[CentOS] ssh attack
Chris Mason (Lists)
lists at masonc.com
Mon Feb 13 23:30:50 UTC 2006
John Merritt wrote:
> Hi,
>
> I get ssh connect attempts all the time, to my servers at home and at
> work. I've noticed lately they come from a certain ip address, hitting
> every 3 or 4 seconds, trying 50 or 100 different user names and
> passwords. And I get these sweeps from 2 or 3 ip addresses a day. I
> guess this is an automated attempt to guess a user/pass and break into
> a system.
>
Everything on the internet gets them all day long. I have several
dedicated servers so the attacks become weary, and the only time I have
ever had a security problem was a user with a guessable password.
What I do is:
Install APF on every box as the first thing I do.
http://www.rfxnetworks.com/apf.php
#apf -a myownips
Disallow ssh entirely with apf by leaving port 22 out of the ingress
setting.
#chkconfig apf off
In the event the server hangs, I want the data center to be able to ssh
to the box, so a reboot will disable apf and they will be able to access.
Install bfd - http://www.rfxnetworks.com/bfd.php
This will also stop the attacks on any port by banning the specific IPs
that have too many failed logins.
APF is wonderful, very well thought out and powerful. It's not as
flexible as a firewall such as shorewall, but I feel that is overkill to
protect a single online server.
--
Chris Mason
NetConcepts
(264) 497-5670 Fax: (264) 497-8463
Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271
Cell: 264-235-5670
Yahoo IM: netconcepts_anguilla at yahoo.com
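The check described in the message above (ban an IP after too many failed logins, never your own addresses), sketched as an added example; it is not part of the original post and is not BFD's code. The threshold, the time window, the sshd log line layout and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" lines, for both existing and invalid user names.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log: one address sweeping user names every 3 seconds,
# plus one legitimate user who mistypes once and then logs in.
SAMPLE = [
    f"Feb 13 23:30:{1 + 3 * i:02d} web1 sshd[{2100 + i}]: Failed password for "
    f"invalid user {u} from 203.0.113.7 port {40000 + i} ssh2"
    for i, u in enumerate(["admin", "test", "oracle", "guest", "mysql"])
] + [
    "Feb 13 23:30:20 web1 sshd[2110]: Failed password for chris from 198.51.100.20 port 51000 ssh2",
    "Feb 13 23:30:25 web1 sshd[2111]: Accepted password for chris from 198.51.100.20 port 51002 ssh2",
]

def find_offenders(lines, threshold=5, window=timedelta(minutes=1),
                   trusted=frozenset(), year=2006):
    """Return {ip: sorted user names tried} for every untrusted IP that had
    at least `threshold` failed logins inside one sliding `window`."""
    recent = defaultdict(deque)   # ip -> failure timestamps still in the window
    users = defaultdict(set)      # ip -> every user name it tried
    flagged = set()
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in trusted:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        users[m["ip"]].add(m["user"])
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return {ip: sorted(users[ip]) for ip in flagged}

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

The `trusted` set plays the role of the addresses allowed with `apf -a`, so a mistyped password from your own IP never results in a ban.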