[Wylug-help] Security log message
John Hodrien
johnh at comp.leeds.ac.uk
Sun Mar 9 22:41:50 GMT 2008
On Sun, 9 Mar 2008, Anne Wilson wrote:
> I think that indicates that there was no successful login. Right?
Without other lines, I'd draw the same conclusion.
>> Indeed not. I've previously used iptables rules that limit the number of
>> connection attempts per minute per IP, which can at least limit their
>> ability to brute force attack your machine, while minimising the risk of
>> accidentally blocking authorized traffic, as I've managed in the past with
>> a slightly overzealous self-protection system.
>>
> I've read about that, but never done it. I'll look into that.
I note from my (slightly edited) notes...
iptables -N conlimit
iptables -A conlimit -m hashlimit --hashlimit 10/min \
    --hashlimit-mode srcip --hashlimit-htable-gcinterval 36000000 \
    --hashlimit-htable-expire 36000000 --hashlimit-name conhash \
    -m state --state NEW -j ACCEPT
iptables -A conlimit -m state --state ESTABLISHED -j ACCEPT
iptables -A conlimit -j REJECT
iptables -A INPUT -p tcp --dport ssh -s ! 192.168.0.0/255.255.255.0 -j conlimit
> The trouble with being largely self-taught is that knowledge tends to be
> somewhat patchy :-)
Whether self taught, educated, or trained, I think that's always the case.
The trick is knowing where the patches lie.
jh
--
"When I was a boy I was told anybody could become President. I'm beginning to
believe it." -- Clarence Darrow
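
Added example (not part of the original post): a small Python model of how the conlimit chain above treats packets from one source address, useful for seeing what 10/min per source IP means for a brute-force run. Assumptions: --hashlimit-burst is left at the iptables default of 5 because the post does not set it, a rule's matches are tested in the order written (so hashlimit is consulted before the state match), and table expiry is ignored; the class, function names and addresses are made up for the illustration.

```python
import ipaddress

# From the rules in the post, except BURST (assumed iptables default, see above).
RATE_PER_MIN = 10                                # --hashlimit 10/min
BURST = 5
EXEMPT = ipaddress.ip_network("192.168.0.0/24")  # -s ! 192.168.0.0/255.255.255.0
COST = 60                                        # credit units one match costs
CAP = BURST * COST                               # a full bucket allows BURST matches


class ConLimit:
    """Simplified model of the conlimit chain: one credit bucket per source IP."""

    def __init__(self):
        self.buckets = {}                        # srcip -> (credit, last_seen_second)

    def _hashlimit(self, srcip, now):
        credit, last = self.buckets.get(srcip, (CAP, now))
        # RATE_PER_MIN units accrue per second, i.e. one match's worth every 6 s.
        credit = min(CAP, credit + (now - last) * RATE_PER_MIN)
        matched = credit >= COST
        self.buckets[srcip] = (credit - COST if matched else credit, now)
        return matched

    def verdict(self, srcip, now, state="NEW"):
        if ipaddress.ip_address(srcip) in EXEMPT:
            return "BYPASS"                      # INPUT rule never jumps to conlimit
        # Rule 1: hashlimit is written before the state match, so it is tested
        # (and draws credit) for every packet, whatever its state.
        if self._hashlimit(srcip, now) and state == "NEW":
            return "ACCEPT"
        if state == "ESTABLISHED":
            return "ACCEPT"                      # rule 2
        return "REJECT"                          # rule 3


def accepted_times(srcip, attempt_times):
    """Seconds at which NEW packets from srcip are accepted by the chain."""
    chain = ConLimit()
    return [t for t in attempt_times if chain.verdict(srcip, t) == "ACCEPT"]


if __name__ == "__main__":
    # Constructed input: one NEW packet per second for a minute from
    # 203.0.113.7 (a documentation address), with no other traffic from it.
    ok = accepted_times("203.0.113.7", range(60))
    print(f"{len(ok)} of 60 attempts accepted, at t = {ok}")
```

Under these assumptions the first five attempts pass on the burst allowance and after that one gets through every six seconds, while addresses in 192.168.0.0/24 never reach the limiter.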