How about disabling password authentication and requiring
public
key/private key?
Philippe B. Laval wrote:
> Thanks to all the suggestions I got. I am not a
security expert on systems,
> but I have learned some since my system has been
attacked. Hackers usually
> attack a system from other systems. When they have
been discovered
> attacking from a system, they'll switch to a new one.
Therefore, the IP
> addresses from which they attack are never the same.
However, they can be
> spotted. Usually, the logs will show a specific IP
address either trying to
> log into a single account repeatedly (meaning they are
trying various
> passwords) or trying various accounts (meaning the
hacker is trying to find
> an existing account on the machine). I was hoping (am
hoping) that there is
> some software who can track this. When a login fails,
the software should
> be able to determine if that IP is a legitimate user
who just typed the
> wrong password or somebody conducting a systematic
attack of the system.
> Does such a protection exist?
>
> Thanks
>
>
>
> Dr. Philippe B. Laval
> Associate Professor of Mathematics
> Kennesaw State University
> 1000 Chastain Road
> Kennesaw, GA 30144
> USA
>
> office: SC 526
> Phone: 770-499-3325
> fax: 404-364-0552
> e-mail: plaval kennesaw.edu
> web: http://science.ke
nnesaw.edu/~plaval
>
>
> -----Original Message-----
> From: rhn-users-bouncesredhat.com
[mailto:rhn-users-bouncesredhat.com] On
> Behalf Of Rajan Mithani
> Sent: Friday, December 08, 2006 3:54 AM
> To: Discussions about Red Hat Network (rhn.redhat.com)
> Subject: Re: [rhn-users] Login
>
> Hi, Rajan Mithani here...
> Friends if u wann to block any perticular IP you can
use IPCHAINS (
> IPTABLES) which acts as a FIREWALL to block various IP
Addresses
> Also using IPTABLES you can restict variou outside user
to access SSH,
> FTP n various other services...
> This is one way to allow security for outsiders..
>
> For further contacts
> Rajan Mithani
> RHCE.
> +91 9890312230
> email: rajan(dot)mithani(at)gmail.com
> rajan.mithanigmail.com
>
> On 12/7/06, Simon Ball <sballcromwells.co.uk> wrote:
>
>>Please note that this is the RHN list. You would get
a better answer on
>
> the taroon list. See the list archive for many many
instances of such
> off-topic posting.
>
>>
>>
>>----- Original Message -----
>>From: Cedric Porte <cedric.portefr.ibm.com>
>>To: Discussions about Red Hat Network
(rhn.redhat.com)
>
> <rhn-usersredhat.com>
>
>>Sent: Thursday, December 7, 2006 4:54:54 PM GMT+0000
>>Subject: Re: [rhn-users] Login
>>
>>
>>Hi Dr. Laval,
>>
>>Which protocol do you use to login ? SSH (port 22),
Telnet (port 23) ?
>>I think is more efficient to block access to login
for everyone except for
>
> authorized IP.
>
>>Can you use this politic security in your
environment ?
>>
>>Cordialement,
>>
>>Cédric Porte
>>Web Hosting Technical Customer Manager
>>PHONE: +33 4 92 11 41 77 ( TL : 36-4177)
>>Email: cedric.portefr.ibm.com
>>
>>
>> "Philippe B. Laval" < plavalkennesaw.edu >
>>Sent by: rhn-users-bouncesredhat.com
>>
>>07/12/2006 17:29
>>Please respond to
>>"Discussions about Red Hat Network
(rhn.redhat.com)" <
>
> rhn-usersredhat.com >
>
>>To "'Discussions about Red Hat Network
(rhn.redhat.com)'" <
>
> rhn-usersredhat.com >
>
>>cc
>>
>>Subject [rhn-users] Login
>>
>>
>>
>>
>>Running Linux Es 3.0. Is there a way to configure
logins so they are
>
> rejected after a certain number of failures? I can see
from my logs that
> somebody has been trying to get into my system. They
consistently (like
> every few seconds) try to log in as a certain user.
After a while, they give
> up and try another user. What is the best way to handle
this. I would like
> to be able to set up each account so they are blocked
after a certain number
> of failures. I also would like to be able to block
certain IP addresses
> after a certain number of failed logins, even if they
were for different
> user names.
>
>>Thanks
>>
>>P. Laval
>>
>>
>>
>>Dr. Philippe B. Laval
>>Associate Professor of Mathematics
>>Kennesaw State University
>>1000 Chastain Road
>>Kennesaw, GA 30144
>>USA
>>
>>office : SC 526
>>Phone : 770-499-3325
>>fax : 404-364-0552
>>e-mail : plavalkennesaw.edu
>>web: http://science.ke
nnesaw.edu/~plaval
>
> _______________________________________________
>
>>rhn-users mailing list
>>rhn-usersredhat.com
>>htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>>
>>
>>--
>>Simon Elliston Ball
>>Infrastructure Manager
>>Cromwell Business Systems
>>
>>Please consider the environment - do you really need
to print this email?
>>
>>
>>This email is sent on behalf of Cromwell Business
Systems Ltd. and is
>
> strictly confidential and intended solely for the
addressee(s). It may
> contain personal and confidential information and as
such may be protected
> by the Data Protection Act 1998.
>
>>If you are not the intended recipient of this email
you must: (i) not
>
> disclose, copy or distribute its contents to any other
person nor use its
> contents in any way or you may be acting unlawfully;
(ii) contact Cromwell
> Business Systems immediately on +44 (0)1353 650900
quoting the name of the
> sender and the addressee then delete it from your
system.
>
>>Any views or opinions expressed within this email
are those of the author,
>
> and do not necessarily represent those of Cromwell
Business Systems.
>
>>Cromwell Business Systems have scanned this email
for viruses but does not
>
> accept any responsibility once this email has been
transmitted. You should
> scan attachments (if any) for viruses.
>
>>_______________________________________________
>>rhn-users mailing list
>>rhn-usersredhat.com
>>htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>>
>
>
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>
>
>
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> htt
ps://www.redhat.com/mailman/listinfo/rhn-users
>
_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users
|