nanog mailing list archives
Re: SSH brute force China and Linux: best practices
From: Peter Beckman <beckman () angryox com>
Date: Sat, 30 Jan 2010 14:55:19 -0500
On Sat, 30 Jan 2010, Bazy wrote:
On Sat, Jan 30, 2010 at 6:47 AM, Bobby Mac <bobbyjim () gmail com> wrote:So after many years of a hiatus from Linux, I recently dropped XP in favour of Fedora. Now that my happy windows blinders are off, I see alarming things. Ugly ssh brute force, DNS server IP spoofing with scans and typical script kiddie tactics.Take a look at http://www.fail2ban.org and http://denyhosts.sourceforge.net. I'm not Chinese but I'm sure that brute-force attacks come from all over the world. Here's a little from my logwatch.
For securing ssh, better than either of those is sshguard. fail2ban is a
Python script, as is denyhosts. Script-based services are fine, but
native compiled code is better, lower memory, less overhead.
sshguard is better because it's written in C, can read multiple log
formats, can block for many popular services (dovecot, ftp daemons, even
an imap daemon) and it works with many popular existing firewalls: pf,
netfilter, iptables, ipfw, ipfilter, tcpd, even IBM's AIX firewall.
http://www.sshguard.net/
I've run it for 3 years now, solid as a rock. Questions are quickly
answered in the mailing lists by the lead developer Mij.
Additionally, you may want to consider using SSH Key Authorization only,
and disable password authentication. This guarantees that brute force
attacks will fail, because they only use username + Password (AFAICT), not
random private keys.
Here is a good article on how to enable Key-based auth (may already be
enabled), as well as how to turn Password Auth off in ssh to
protect/eliminate ssh brute force successes.
http://www.debuntu.org/ssh-key-based-authentication
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman () angryox com http://www.angryox.com/
---------------------------------------------------------------------------
Current thread:
- SSH brute force China and Linux: best practices Bobby Mac (Jan 29)
- Re: SSH brute force China and Linux: best practices Bazy (Jan 30)
- Re: SSH brute force China and Linux: best practices James Hess (Jan 30)
- Re: SSH brute force China and Linux: best practices Bret Clark (Jan 30)
- Re: SSH brute force China and Linux: best practices Peter Beckman (Jan 30)
- Re: SSH brute force China and Linux: best practices James Hess (Jan 30)
- Re: SSH brute force China and Linux: best practices Chuck Anderson (Jan 30)
- Re: SSH brute force China and Linux: best practices Joel Jaeggli (Jan 30)
- Re: SSH brute force China and Linux: best practices Randy Bush (Jan 30)
- Re: SSH brute force China and Linux: best practices Joe Greco (Jan 30)
- Re: SSH brute force China and Linux: best practices Randy Bush (Jan 30)
- Re: SSH brute force China and Linux: best practices John Mason Jr (Jan 30)
- Re: SSH brute force China and Linux: best practices Bazy (Jan 30)