[CentOS] Intrusion Attempt Prevension - iptables problems
klann at wins.net
Mon Jan 12 20:41:15 UTC 2009
New to the list, so please forgive unintentional netiquette
On Mon, 12 Jan 2009 14:24:54 -0600
"James B. Byrne" <byrnejb at harte-lyne.ca> wrote:
> Thanks for the help. I completely missed that error.
> throttle threshold of 15 seconds. I am still concerned about any
> brute force attempt to discover the root password but, given no more
> than four connections per minute is possible, just how concerned
> should I be?
> completely defeat the current throttle rules. Should I also throttle
> the total number of new connections from all IPs?
Throttling all connection attempts to SSH is probably a good idea.
Discounting DoS or DDoS attacks, my solution to nefarious SSH attempts
is threefold: 1) run sshd on a port other than 22 (I know, obscurity
is not security...), 2) disable the root account (e.g., set the root
password to '*' in /etc/shadow), and allow only sudo(1) access to
privileged commands (this is the default on Ubuntu systems), and 3)
disable password authentication in sshd_config and require all ssh
users to log in using public key authentication.
Probably other things one can do, but I think this is a good first
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: not available
More information about the CentOS