gnhlug-discuss digest, Vol 1 #1694 - 1 msg

Joseph mangg at yahoo.com
Mon Dec 19 12:21:02 EST 2005


Hello Bill/Bruce,
   
Does this SSH server face the internet?  Is there a standalone firewall in front of this SSH server (and I don't mean iptables on the machine)?  Why no IPsec or SSL VPN instead?  As for the SSH blacklisting, check out this: http://www.pettingers.org/code/sshblack.html
   
  Thanks,
  Joe

gnhlug-discuss-request at mail.gnhlug.org wrote:
Today's Topics:

1. Re: Ruminations on an SSH attack (Bruce Dawson)

--__--__--

Message: 1
Date: Mon, 19 Dec 2005 11:17:49 -0500
From: Bruce Dawson 
To: Bill Sconce 
CC: GNHLUG 
Subject: Re: Ruminations on an SSH attack

Bill Sconce wrote:

|...
|I'll check into DenyHosts. And each of the other tips. Thank you all.
|And perhaps because of this list someone else will be saved the whole
|hassle.

Beware of DenyHosts... A long, long time ago, at an ISP very far away,
I tried doing this (and this was before the days of Protocol Version
2, but that's another story ;-).

It turned out a host I had denied was the IT director's home IP
address. Evidently his machine was compromised and he wasn't aware of
it, and someone was using it to gain access to his ISP network (which
is how I discovered it and got into this situation).

However, once he scrubbed his system and tried to use it to work at
home, he couldn't get in because I had denied his IP w/tcpwrappers. It
took a while before I realized who the person on the other end of the
phone was, what the real problem was, and removed the /etc/hosts.deny
entry.

Also, you need to beware of ISPs who use proxy servers - like AOL,
Yahoo, PowerNet, ... Blocking one of those can block a lot of
legitimate users.

I wish there was something like RBL that listed bogons so I could
block them. A lot of attacks lately have been coming from them.

--Bruce




--__--__--



End of gnhlug-discuss Digest
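
An added example, not part of the thread and not code from DenyHosts or sshblack: one way to turn failed-login counts into /etc/hosts.deny entries while holding back the two cases raised above (a known user's address, and a shared ISP proxy range) for a human to review. The networks, the threshold and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
# Assumed for illustration (documentation-range addresses, arbitrary threshold):
ALLOWLIST = [ipaddress.ip_network("198.51.100.25/32")]   # staff member's home IP
SHARED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]  # ISP proxy pool
THRESHOLD = 3

def _fail(user, ip):  # builds one constructed sshd log line
    return (f"Dec 19 11:02:13 gw sshd[4242]: Failed password for {user} "
            f"from {ip} port 40022 ssh2")

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = "\n".join(
    [_fail("invalid user admin", "203.0.113.7")] * 3
    + [_fail("root", "198.51.100.25")] * 3
    + [_fail("invalid user test", "192.0.2.44")] * 4
    + [_fail("root", "203.0.113.99")]
    + ["Dec 19 11:05:40 gw sshd[4250]: Accepted password for bill "
       "from 198.51.100.25 port 40100 ssh2"])

def classify(log_text, threshold=THRESHOLD):
    """Return (deny, review): sources to block, and sources a human must check."""
    counts = Counter(m.group(1) for m in map(FAILED.search, log_text.splitlines()) if m)
    deny, review = [], []
    for ip, n in sorted(counts.items()):
        if n < threshold:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:      # sshd logged a hostname, not an address
            review.append(ip)
            continue
        if any(addr in net for net in ALLOWLIST + SHARED_PROXIES):
            review.append(ip)   # blocking could lock out legitimate users
        else:
            deny.append(ip)
    return deny, review

def hosts_deny_lines(deny):  # tcpwrappers format for /etc/hosts.deny
    return [f"sshd: {ip}" for ip in deny]

if __name__ == "__main__":
    deny, review = classify(SAMPLE_LOG)
    print(hosts_deny_lines(deny), "needs review:", review)
```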
  
