Well, I run snort (
http://www.snort.org/) and guardian scripts
(
http://www.chaotic.org/guardian/) to control extensive hacking on SSH.
Because I have no guest or test or user accounts on my system, the IDS take
notice and guardian will modify the firewall (iptables) and cut off the
attack for a predetermined amount of time.
I too cannot selectively allow specific external IP addresses, so the IDS
does it's job to look for strange SSH login attempts. As always, keep your
OpenSSH packages up-to-date and take care when setting accounts/passwords.
Trev.
-----Original Message-----
From: fedora-list-bounces(a)redhat.com
[mailto:fedora-list-bounces@redhat.com]On Behalf Of Alexander Dalloz
Sent: Tuesday, August 10, 2004 8:24 AM
To: For users of Fedora Core releases
Subject: Re: MORE SSH Hacking: heads-up <- TCP Wrappers
Am Di, den 10.08.2004 schrieb Luis Miguel Cruz um 14:59:
Use TCP Wrappers: /etc/hosts.allow and /etc/host.deny
But what does it help on systems where people have to login from
changing IPs and not from a fix IP net?
There is nothing really good we can do against it.
Seems all the hosts are already owned and try to enter more systems.
Alexander