Re: Limit the number of erroneous logins of root from the same IP



On 2011-11-15, Moe Trin <ibuprofin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, 15 Nov 2011, in the Usenet newsgroup alt.os.linux.redhat, in article
> <j9sfne$or$1@xxxxxxxxxxxxxxxxxx>, dold@xxxxxxxxxxxxxxxx wrote:
>
>> unruh <unruh@xxxxxxxxxx> wrote:
>>
>>> /etc/hosts.allow
>>> eg
>>> sshd:111.222.333.444 222.333.444.111 ....:deny
>>> to deny any ssh login from those IP addresses
>>
>> What happens when you try to connect from one of those addresses?
>> Does it come back quickly as "connection refused", or timeout as if the
>> server didn't exist?
>
> The three-way handshake is completed, and then you get a "connection
> refused".
>
>> The iptables looks the same trying to connect to my server as it does
>> trying to connect to a non-existent server, which I think is handy.
>
> The router upstream returns an ICMP Type 3 Code 1 ("Host unreachable")?
> No, I suspect you have the system to return "nothing", which Steve
> Gibson (of GRC.com) claims makes you invisible. The fact that the
> upstream router DOESN'T return a "Host unreachable" means that it can
> talk to the destination.
>
>> If /etc/hosts.allow works at the same level of obscurity, it does
>> look easier to administer, and I might switch to that.
>
> No, if you're trying to pretend you don't exist, you need to use the
> firewall with the "DROP" rules. It is easier to admin, but it lacks
> a lot of features that the firewall has. Additionally, it only works
> with daemons that are able to use 'tcp_wrappers' or 'libwrap', and
> does not protect unopened ports as the firewall can.

Agreed. Although what "protecting unopened ports" means is a bit obscure,
since an unopened port has nothing listening and thus cannot be used to
do anything to you. Your machine will simply ignore any packet with that
port.
ssh uses tcpwrappers. And I do hope that you are using ssh and not
telnet or rsh on your machine.

> Old guy
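The thread's practical point is that the three mechanisms look different from the client's side: a firewall DROP never answers the SYN (connect() times out), a closed port or a REJECT answers at once with an RST or an ICMP unreachable (connect() fails immediately), and a tcp_wrappers deny lets the kernel complete the three-way handshake and only then has the daemon hang up without sending its banner. The probe below tells those cases apart. It is an added example written for this page, not code from any poster in the thread; the local "wrapper-like" and "banner" servers it starts are constructed stand-ins for a libwrap daemon denying the client and for a real sshd, and the classification labels are this example's own.

```python
"""Classify how a TCP port answers a connection attempt.

Labels used here (this example's own naming, not from the thread):
  filtered               SYN unanswered (firewall DROP): connect() timed out
  refused                RST or ICMP port-unreachable (closed port, REJECT)
  unreachable            ICMP host/net-unreachable from a router
  accepted-then-closed   handshake completed, daemon closed without a banner
                         (what a tcp_wrappers/libwrap deny looks like)
  open                   handshake completed and the daemon sent data (banner)
  open-silent            handshake completed, nothing received before timeout
"""
import errno
import socket
import threading


def classify_errno(code):
    """Map the errno from a failed connect() to one of the labels above."""
    if code in (errno.ECONNREFUSED, errno.ECONNRESET):
        return "refused"
    if code in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    if code == errno.ETIMEDOUT:
        return "filtered"
    return "error:%s" % errno.errorcode.get(code, code)


def probe(host, port, timeout=3.0):
    """Connect to host:port and report which of the behaviours we observed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except socket.timeout:
        s.close()
        return "filtered"            # SYN silently dropped
    except OSError as e:
        s.close()
        return classify_errno(e.errno)
    # The handshake completed. Does the daemon talk to us or hang up?
    try:
        data = s.recv(64)
    except socket.timeout:
        return "open-silent"
    except OSError as e:
        if e.errno == errno.ECONNRESET:
            return "accepted-then-closed"   # closed with RST after accept()
        return classify_errno(e.errno)
    finally:
        s.close()
    return "open" if data else "accepted-then-closed"   # b'' means FIN, no banner


def _serve_once(handler):
    """Start a one-shot listener on 127.0.0.1 and return its port (constructed test fixture)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()      # kernel already finished the 3-way handshake
        handler(conn)
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def start_wrapper_like_server():
    """Stand-in for a libwrap daemon denying the client: accept, then close with no banner."""
    return _serve_once(lambda conn: None)


def start_banner_server(banner=b"SSH-2.0-Example_banner\r\n"):
    """Stand-in for a real sshd: accept and send a protocol banner."""
    return _serve_once(lambda conn: conn.sendall(banner))


def closed_port():
    """Pick a port with nothing listening (bind, read the number, close it again)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    for label, port in (("wrapper-deny", start_wrapper_like_server()),
                        ("real-daemon", start_banner_server()),
                        ("closed-port", closed_port())):
        print("%-13s -> %s" % (label, probe("127.0.0.1", port)))
```

Run it against a remote host instead of the local fixtures to check which behaviour your own configuration actually produces: a DROP rule should come back as "filtered", a REJECT rule or a closed port as "refused", and a hosts.allow deny as "accepted-then-closed". Note that the last one has already cost the kernel a handshake and a socket, which is why the thread says only the firewall lets you "pretend you don't exist".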


