Login

Please note that this is the RHN list. You would get a
better answer on the taroon list. See the list archive for
many many instances of such off-topic posting.



----- Original Message -----
From: Cedric Porte <cedric.portefr.ibm.com>
To: Discussions about Red Hat Network (rhn.redhat.com)
<rhn-usersredhat.com>
Sent: Thursday, December 7, 2006 4:54:54 PM GMT+0000
Subject: Re: [rhn-users] Login


Hi Dr. Laval, 

Which protocol do you use to login ? SSH (port 22), Telnet
(port 23) ? 
I think is more efficient to block access to login for
everyone except for authorized IP. 
Can you use this politic security in your environment ? 

Cordialement, 

Cédric Porte 
Web Hosting Technical Customer Manager 
PHONE: +33 4 92 11 41 77 ( TL : 36-4177) 
Email: cedric.portefr.ibm.com 


	"Philippe B. Laval" < plavalkennesaw.edu > 
Sent by: rhn-users-bouncesredhat.com 

07/12/2006 17:29 	
Please respond to 
"Discussions about Red Hat Network
(rhn.redhat.com)" < rhn-usersredhat.com > 
		
To 	"'Discussions about Red Hat Network
(rhn.redhat.com)'" < rhn-usersredhat.com > 
	
cc 	
	
Subject 	[rhn-users] Login 
		



Running Linux Es 3.0. Is there a way to configure logins so
they are rejected after a certain number of failures? I can
see from my logs that somebody has been trying to get into
my system. They consistently (like every few seconds) try to
log in as a certain user. After a while, they give up and
try another user. What is the best way to handle this. I
would like to be able to set up each account so they are
blocked after a certain number of failures. I also would
like to be able to block certain IP addresses after a
certain number of failed logins, even if they were for
different user names. 

Thanks 

P. Laval 



Dr. Philippe B. Laval 
Associate Professor of Mathematics 
Kennesaw State University 
1000 Chastain Road 
Kennesaw, GA 30144 
USA 

office : SC 526 
Phone : 770-499-3325 
fax : 404-364-0552 
e-mail : plavalkennesaw.edu 
web: http://science.ke
nnesaw.edu/~plaval
_______________________________________________ 
rhn-users mailing list 
rhn-usersredhat.com 
htt
ps://www.redhat.com/mailman/listinfo/rhn-users 


-- 
Simon Elliston Ball
Infrastructure Manager
Cromwell Business Systems

Please consider the environment - do you really need to
print this email?


This email is sent on behalf of Cromwell Business Systems
Ltd. and is strictly confidential and intended solely for
the addressee(s).  It may contain personal and confidential
information and as such may be protected by the Data
Protection Act 1998.

If you are not the intended recipient of this email you
must: (i) not disclose, copy or distribute its contents to
any other person nor use its contents in any way or you may
be acting unlawfully;  (ii) contact Cromwell Business
Systems immediately on +44 (0)1353 650900 quoting the name
of the sender and the addressee then delete it from your
system.

Any views or opinions expressed within this email are those
of the author, and do not necessarily represent those of
Cromwell Business Systems.

Cromwell Business Systems have scanned this email for
viruses but does not accept any responsibility once this
email has been transmitted.  You should scan attachments (if
any) for viruses.

_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users

Hi, Rajan Mithani here...
Friends if u wann to block any perticular IP you can use
IPCHAINS (
IPTABLES) which acts as a FIREWALL to block various IP
Addresses
Also using IPTABLES you can restict variou outside user to
access SSH,
FTP n various other services...
This is one way to allow security for outsiders..

For further contacts
Rajan Mithani
RHCE.
+91 9890312230
email: rajan(dot)mithani(at)gmail.com
          rajan.mithanigmail.com

On 12/7/06, Simon Ball <sballcromwells.co.uk> wrote:
> Please note that this is the RHN list. You would get a
better answer on the taroon list. See the list archive for
many many instances of such off-topic posting.
>
>
>
> ----- Original Message -----
> From: Cedric Porte <cedric.portefr.ibm.com>
> To: Discussions about Red Hat Network (rhn.redhat.com)
<rhn-usersredhat.com>
> Sent: Thursday, December 7, 2006 4:54:54 PM GMT+0000
> Subject: Re: [rhn-users] Login
>
>
> Hi Dr. Laval,
>
> Which protocol do you use to login ? SSH (port 22),
Telnet (port 23) ?
> I think is more efficient to block access to login for
everyone except for authorized IP.
> Can you use this politic security in your environment ?
>
> Cordialement,
>
> Cédric Porte
> Web Hosting Technical Customer Manager
> PHONE: +33 4 92 11 41 77 ( TL : 36-4177)
> Email: cedric.portefr.ibm.com
>
>
>        "Philippe B. Laval" < plavalkennesaw.edu >
> Sent by: rhn-users-bouncesredhat.com
>
> 07/12/2006 17:29
> Please respond to
> "Discussions about Red Hat Network
(rhn.redhat.com)" < rhn-usersredhat.com >
>
> To      "'Discussions about Red Hat Network
(rhn.redhat.com)'" < rhn-usersredhat.com >
>
> cc
>
> Subject         [rhn-users] Login
>
>
>
>
> Running Linux Es 3.0. Is there a way to configure
logins so they are rejected after a certain number of
failures? I can see from my logs that somebody has been
trying to get into my system. They consistently (like every
few seconds) try to log in as a certain user. After a while,
they give up and try another user. What is the best way to
handle this. I would like to be able to set up each account
so they are blocked after a certain number of failures. I
also would like to be able to block certain IP addresses
after a certain number of failed logins, even if they were
for different user names.
>
> Thanks
>
> P. Laval
>
>
>
> Dr. Philippe B. Laval
> Associate Professor of Mathematics
> Kennesaw State University
> 1000 Chastain Road
> Kennesaw, GA 30144
> USA
>
> office : SC 526
> Phone : 770-499-3325
> fax : 404-364-0552
> e-mail : plavalkennesaw.edu
> web: http://science.ke
nnesaw.edu/~plaval
_______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>
>
> --
> Simon Elliston Ball
> Infrastructure Manager
> Cromwell Business Systems
>
> Please consider the environment - do you really need to
print this email?
>
>
> This email is sent on behalf of Cromwell Business
Systems Ltd. and is strictly confidential and intended
solely for the addressee(s).  It may contain personal and
confidential information and as such may be protected by the
Data Protection Act 1998.
>
> If you are not the intended recipient of this email you
must: (i) not disclose, copy or distribute its contents to
any other person nor use its contents in any way or you may
be acting unlawfully;  (ii) contact Cromwell Business
Systems immediately on +44 (0)1353 650900 quoting the name
of the sender and the addressee then delete it from your
system.
>
> Any views or opinions expressed within this email are
those of the author, and do not necessarily represent those
of Cromwell Business Systems.
>
> Cromwell Business Systems have scanned this email for
viruses but does not accept any responsibility once this
email has been transmitted.  You should scan attachments (if
any) for viruses.
>
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>

_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users

Thanks to all the suggestions I got.  I am not a security
expert on systems,
but I have learned some since my system has been attacked. 
Hackers usually
attack a system from other systems.  When they have been
discovered
attacking from a system, they'll switch to a new one. 
Therefore, the IP
addresses from which they attack are never the same. 
However, they can be
spotted.  Usually, the logs will show a specific IP address
either trying to
log into a single account repeatedly (meaning they are
trying various
passwords) or trying various accounts (meaning the hacker is
trying to find
an existing account on the machine).  I was hoping (am
hoping) that there is
some software who can track this.  When a login fails, the
software should
be able to determine if that IP is a legitimate user who
just typed the
wrong password or somebody conducting a systematic attack of
the system.
Does such a protection exist?

Thanks

 
 
Dr. Philippe B. Laval
Associate Professor of Mathematics
Kennesaw State University
1000 Chastain Road
Kennesaw, GA 30144
USA
 
office: SC 526
Phone: 770-499-3325
fax: 404-364-0552
e-mail: plavalkennesaw.edu
web: http://science.ke
nnesaw.edu/~plaval
 

-----Original Message-----
From: rhn-users-bouncesredhat.com [mailto:rhn-users-bouncesredhat.com] On
Behalf Of Rajan Mithani
Sent: Friday, December 08, 2006 3:54 AM
To: Discussions about Red Hat Network (rhn.redhat.com)
Subject: Re: [rhn-users] Login

Hi, Rajan Mithani here...
Friends if u wann to block any perticular IP you can use
IPCHAINS (
IPTABLES) which acts as a FIREWALL to block various IP
Addresses
Also using IPTABLES you can restict variou outside user to
access SSH,
FTP n various other services...
This is one way to allow security for outsiders..

For further contacts
Rajan Mithani
RHCE.
+91 9890312230
email: rajan(dot)mithani(at)gmail.com
          rajan.mithanigmail.com

On 12/7/06, Simon Ball <sballcromwells.co.uk> wrote:
> Please note that this is the RHN list. You would get a
better answer on
the taroon list. See the list archive for many many
instances of such
off-topic posting.
>
>
>
> ----- Original Message -----
> From: Cedric Porte <cedric.portefr.ibm.com>
> To: Discussions about Red Hat Network (rhn.redhat.com)
<rhn-usersredhat.com>
> Sent: Thursday, December 7, 2006 4:54:54 PM GMT+0000
> Subject: Re: [rhn-users] Login
>
>
> Hi Dr. Laval,
>
> Which protocol do you use to login ? SSH (port 22),
Telnet (port 23) ?
> I think is more efficient to block access to login for
everyone except for
authorized IP.
> Can you use this politic security in your environment ?
>
> Cordialement,
>
> Cédric Porte
> Web Hosting Technical Customer Manager
> PHONE: +33 4 92 11 41 77 ( TL : 36-4177)
> Email: cedric.portefr.ibm.com
>
>
>        "Philippe B. Laval" < plavalkennesaw.edu >
> Sent by: rhn-users-bouncesredhat.com
>
> 07/12/2006 17:29
> Please respond to
> "Discussions about Red Hat Network
(rhn.redhat.com)" <
rhn-usersredhat.com >
>
> To      "'Discussions about Red Hat Network
(rhn.redhat.com)'" <
rhn-usersredhat.com >
>
> cc
>
> Subject         [rhn-users] Login
>
>
>
>
> Running Linux Es 3.0. Is there a way to configure
logins so they are
rejected after a certain number of failures? I can see from
my logs that
somebody has been trying to get into my system. They
consistently (like
every few seconds) try to log in as a certain user. After a
while, they give
up and try another user. What is the best way to handle
this. I would like
to be able to set up each account so they are blocked after
a certain number
of failures. I also would like to be able to block certain
IP addresses
after a certain number of failed logins, even if they were
for different
user names.
>
> Thanks
>
> P. Laval
>
>
>
> Dr. Philippe B. Laval
> Associate Professor of Mathematics
> Kennesaw State University
> 1000 Chastain Road
> Kennesaw, GA 30144
> USA
>
> office : SC 526
> Phone : 770-499-3325
> fax : 404-364-0552
> e-mail : plavalkennesaw.edu
> web: http://science.ke
nnesaw.edu/~plaval
_______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>
>
> --
> Simon Elliston Ball
> Infrastructure Manager
> Cromwell Business Systems
>
> Please consider the environment - do you really need to
print this email?
>
>
> This email is sent on behalf of Cromwell Business
Systems Ltd. and is
strictly confidential and intended solely for the
addressee(s).  It may
contain personal and confidential information and as such
may be protected
by the Data Protection Act 1998.
>
> If you are not the intended recipient of this email you
must: (i) not
disclose, copy or distribute its contents to any other
person nor use its
contents in any way or you may be acting unlawfully;  (ii)
contact Cromwell
Business Systems immediately on +44 (0)1353 650900 quoting
the name of the
sender and the addressee then delete it from your system.
>
> Any views or opinions expressed within this email are
those of the author,
and do not necessarily represent those of Cromwell Business
Systems.
>
> Cromwell Business Systems have scanned this email for
viruses but does not
accept any responsibility once this email has been
transmitted.  You should
scan attachments (if any) for viruses.
>
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>

_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users



_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users