[SlugLUG] War Stories

Rohan Sheth rohan at rohan.ws
Sun Jun 11 19:04:32 PDT 2006


The best way of locking out would-be crackers/hackers that I have used
is simply denying root login in /etc/ssh/sshd_config.  Most people can
try to bruteforce my machines, but they would need to first know my
login name and then my password.  If root login was enabled through ssh,
they would simply have to brute the password.

--Rohan

Erich Blume wrote:
> So, I had a -lot- of fun earlier today reading through my logfiles. It turns
> out yesterday I was the subject of a massive brute-force attempt to break in
> to my system. I took some appropriate steps and confirmed that the machines
> that were doing the probing were part of a zombie-net.
>
> My security did admirably in all respects except a few, and so now I come to
> you all and ask for help in fixing them.
>
> Firstly, how can I set up sshd to shut out an IP temporarily after say, six
> failed logins? Currently the only limiting factor is the three or four
> second delay between password prompts and the pam rejection after three
> tries. A five-minute shutout period would, at the very least, deter a
> brute-force attempt.
>
> Secondly, how can I set up my logger (metalog) to email me (at
> eblume at ucsc.edu) when a lot of this bad stuff starts happening?
>
> Thirdly, any other suggestions?
>
> I was serious about having fun, though. It's very vindicating for your
> firewall, etc. to work properly.
>
> On this note, though: I've noticed something that seemed like a very good
> idea. This might be really obvious and common practice, but I figured it out
> on my own, and I'd like to put this to you RFC. See, I set my system
> password to something like a twenty-digit random sequence. I don't remember
> it, the idea is that it's a scrambled password. I have sudo set up to let
> people in wheel have root access, though. Is this a bad idea? Am I in
> trouble, doing that?
>
> Thanks,
> Erich 


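An added example, not part of either message and not code from either poster: the lockout policy asked about in the quoted question (six failed logins, five-minute shutout) applied to sshd log lines, with a tally of which login names were guessed. It assumes the OpenSSH "Failed password" syslog format and a five-minute counting window; `find_shutouts` and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 6                 # "six failed logins" from the question
WINDOW = timedelta(minutes=5)    # assumption: span in which failures are counted
SHUTOUT = timedelta(minutes=5)   # "five-minute shutout period"

# OpenSSH syslog line: "Failed password for [invalid user ]NAME from IP port N"
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample log (documentation-range addresses, not real traffic).
# One guess every 4 seconds, matching the prompt delay mentioned in the question.
SAMPLE = [f"Jun 10 03:14:{s:02d} host sshd[4242]: Failed password for root "
          f"from 203.0.113.7 port 40000 ssh2" for s in range(0, 32, 4)] + [
    "Jun 10 03:15:10 host sshd[4250]: Failed password for invalid user admin "
    "from 198.51.100.20 port 51000 ssh2",
    "Jun 10 03:15:30 host sshd[4251]: Accepted password for alice "
    "from 192.0.2.5 port 52000 ssh2",
]

def find_shutouts(lines, year=2006):
    """Return ([(ip, start, end), ...], {user: failures}) for sshd log lines."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside WINDOW
    blocked_until = {}           # ip -> end of its current shutout
    users = defaultdict(int)     # attempted login name -> failure count
    shutouts = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue             # successful logins and other messages
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, ip = m.group(3), m.group(4)
        users[user] += 1
        if ts < blocked_until.get(ip, ts):
            continue             # still shut out; a packet filter would drop this
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()          # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            blocked_until[ip] = ts + SHUTOUT
            shutouts.append((ip, ts, ts + SHUTOUT))
            q.clear()
    return shutouts, dict(users)

if __name__ == "__main__":
    for ip, start, end in find_shutouts(SAMPLE)[0]:
        print(f"shut out {ip} from {start} until {end}")
```

The script only decides which addresses cross the threshold and for how long; enforcing the shutout is left to whatever packet filter the host runs.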