[CentOS] Intrusion Attempt Prevension - iptables problems

Mon Jan 12 20:41:15 UTC 2009
David Klann <klann at wins.net>

New to the list, so please forgive unintentional netiquette
transgressions...

On Mon, 12 Jan 2009 14:24:54 -0600
"James B. Byrne" <byrnejb at harte-lyne.ca> wrote:

> Thanks for the help.  I completely missed that error.
>
> <snip>
>
> throttle threshold of 15 seconds.  I am still concerned about any
> brute force attempt to discover the root password but, given no more
> than four connections per minute is possible, just how concerned
> should I be?
>
> <snip>
> completely defeat the current throttle rules.  Should I also throttle
> the total number of new connections from all IPs?

James,

Throttling all connection attempts to SSH is probably a good idea.

Discounting DoS or DDoS attacks, my solution to nefarious SSH attempts
is threefold: 1) run sshd on a port other than 22 (I know, obscurity
is not security...), 2) disable the root account (e.g., set the root
password to '*' in /etc/shadow), and allow only sudo(1) access to
privileged commands (this is the default on Ubuntu systems), and 3)
disable password authentication in sshd_config and require all ssh
users to log in using public key authentication.

Probably other things one can do, but I think this is a good first
step.

Best,

 -David Klann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20090112/6413314e/attachment-0005.sig>