DragonFly users List (threaded) for 2007-12
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
| From: | "David Frech" <nimblemachines@xxxxxxxxx> |
| Date: | Thu, 27 Dec 2007 16:00:56 -0800 |
An easy solution to this problem (suggested by a friend of mine) is simply to run sshd on a port other than 22. Within hours of putting a machine on my DSL line it was hammered by requests - someone from an IP in Moscow tried all day to get in. I'm not worried about security - the box is set up for pubkey-only access - but it *is* annoying getting huge log files, and knowing that lots of cycles are getting used up. If you don't have heaps of users (I have two ;-) it's quite easy for them to set up entries in their .ssh/config files with the unusual port number, so that ssh'ing in isn't annoying. In fact once set up you don't even think about it any more. Cheers, - David On 12/27/07, Matthew Dillon <dillon@apollo.backplane.com> wrote: > :Hi all, > : > :you probably also get your logfiles flooded with lines reporting > :failed login attempts via ftp or ssh from remote sites. > :... > : > :So here's my homebrewed blacklisting toolset, consisting of just two > :simple shell scripts and a master configuration file. > : > :Enjoy the show > : > :--Joerg > > Cool stuff... I like the variable names you chose. > > There are two issues that I see. The first is that the hosts.allow > file can potentially become huge... thousands or tens of thousands > of entries (or more) if you are attacked, and that could be used as a > denial of service attack against regular operations. every connect() > to your box will search the file. > > The second is that I'm not sure it is safe to insert the strings > you are greping out of the BLACKLIST file (thrown into your > PISSNELKE variable) directly into the hosts.allow file like that. > You need to sanitize the contents of PISSNELKE before you can embed > it or you will be vulnerable to reverse DNS insertion attacks. For > example, what would happen if $PISSNELKE contained a ':' ? Or a > wildcard? > > I'd like to see those connections denied too but the next best thing > is to not use passwords at all.... use ssh only for all machine access, > like we do on leaf.dragonflybsd.org (and every other machine I manage, > including my personal boxes). > > -Matt > Matthew Dillon > <dillon@backplane.com> > > -- If I have not seen farther, it is because I have stood in the footsteps of giants.
- Follow-Ups:
- Re: Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
- From: Joerg Anslik <joerg@anslik.de>
- Re: Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
- References:
- Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
- From: Joerg Anslik <joerg@anslik.de>
- Re: Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]