Security Basics mailing list archives
Re: what to do?
From: Leif Ericksen <leife () dls net>
Date: Wed, 31 Aug 2005 15:23:36 -0500
YIKES. ..."If you feel that these attacks are a serious threat then I
would recommend doing the reverse and only allowing certain IP addresses through your firewall to sshd."
That is what I would do in the first place. On my home network I have a default rule that blocks all IPS by default. However, I have one port 80 set up for everybody. I love the MS directed attacks on my Linux server so much that I created some of the directories to mess with the kiddies. Now as for ssh I only allow a specific set of defined IPS through the firewall for that services. IMHO best rule is first to block everything and only turn on known IPS unless it is for a service that should be allow all... (web and email for an internet facing server) -- Leif Ericksen On Fri, 2005-08-26 at 20:57 -0400, Bow Sineath wrote: <SNIP>
I typically watch for the attacks and use ipfw or tcp wrappers to deny connections from IP blocks that show up in my logs. In your case I would deny connections from 80.68.0.0/16, however that will deny anyone from the 80.68.0.0 subnet. If you feel that these attacks are a serious threat then I would recommend doing the reverse and only allowing certain IP addresses through your firewall to sshd.
</SNIP>
Current thread:
- what to do? Bill Smith (Aug 26)
- Re: what to do? Jayson Anderson (Aug 29)
- Re: what to do? AragonX (Aug 30)
- Re: what to do? Ansgar -59cobalt- Wiechers (Aug 29)
- Re: what to do? Alexander Bolante (Aug 29)
- Re: what to do? Robert Escue (Aug 29)
- Re: what to do? Bow Sineath (Aug 29)
- Re: what to do? Leif Ericksen (Aug 31)
- Re: what to do? Duncan (Aug 29)
- Re: what to do? Jonathan Loh (Aug 29)
- RE: what to do? Eduardo Suzuki (Aug 30)
- Re: what to do? morph84 (Aug 29)
- Re: what to do? cam (Aug 30)
- Re: what to do? zp (Aug 30)
- Re: what to do? cam (Aug 30)
- Re: what to do? Barrie Dempster (Aug 29)
- Re: what to do? paavan shah (Aug 29)
- Re: what to do? Alexander Klimov (Aug 30)
- Re: what to do? Anthony J Placilla (Aug 30)
(Thread continues...)
- Re: what to do? Jayson Anderson (Aug 29)