nanog mailing list archives

Re: SSH brute force China and Linux: best practices

From: Joel Jaeggli <joelja () bogus com>
Date: Sat, 30 Jan 2010 09:35:31 -0800

iptables -A INPUT -m recent --update --seconds 60 --hitcount 5 --name
SSH --rsource -j DROP
iptables -A INPUT -m recent --set --name SSH --rsource -j ACCEPT

also enforce either strong passwords or require no passwords (e.g. keys
only) and everything should be cool.

Bobby Mac wrote:

Hola Nanog:

So after many years of a hiatus from Linux,  I recently dropped XP in favour
of Fedora.  Now that my happy windows blinders are off, I see alarming
things.  Ugly ssh brute force, DNS server IP spoofing with scans and typical
script kiddie tactics.

What are the new set of best practices for those running a NIX home
computer.  Yes I have a firewall and I do peruse my logs on a regular
basis.

BTW: ever drop a malformed  URL to alert an admin to some thing that sucks?
w3.hp.com/execs/makes/too/much/money or
www.yourbuddiesdomain.com/it/is/all/rfc/space/use/1918/when/referring/to/non/routable

Thanks,
BobbyMac

Current thread:

SSH brute force China and Linux: best practices Bobby Mac (Jan 29)
- Re: SSH brute force China and Linux: best practices Bazy (Jan 30)
  - Re: SSH brute force China and Linux: best practices James Hess (Jan 30)
    - Re: SSH brute force China and Linux: best practices Bret Clark (Jan 30)
  - Re: SSH brute force China and Linux: best practices Peter Beckman (Jan 30)
- Re: SSH brute force China and Linux: best practices Chuck Anderson (Jan 30)
- Re: SSH brute force China and Linux: best practices Joel Jaeggli (Jan 30)
  - Re: SSH brute force China and Linux: best practices Randy Bush (Jan 30)
    - Re: SSH brute force China and Linux: best practices Joe Greco (Jan 30)
- Re: SSH brute force China and Linux: best practices John Mason Jr (Jan 30)