[SlugLUG] War Stories
Erich Blume
eblume at ucsc.edu
Sun Jun 11 19:13:23 PDT 2006
Oh, agreed. I did that ages ago. He guessed about 500 user names - without a
doubt it would take him centuries and centuries to guess a correct
password/username combo. But if I could set it to do that IP blocking thing,
that'd at least make me feel a bit more secure.
-Erich
On 6/11/06 7:04 PM, "Rohan Sheth" <rohan at rohan.ws> wrote:
> The best way of locking out would-be crackers/hackers that I have used
> is simply denying root login in /etc/ssh/sshd_config. Most people can
> try to bruteforce my machines, but they would need to first know my
> login name and then my password. If root login was enabled through ssh,
> they would simply have to brute the password.
>
> --Rohan
>
> Erich Blume wrote:
>> So, I had a -lot- of fun earlier today reading through my logfiles. It turns
>> out yesterday I was the subject of a massive brute-force attempt to break in
>> to my system. I took some appropriate steps and confirmed that the machines
>> that were doing the probing were part of a zombie-net.
>>
>> My security did admirably in all respects except a few, and so now I come to
>> you all and ask for help in fixing them.
>>
>> Firstly, how can I set up sshd to shut out an IP temporarily after say, six
>> failed logins? Currently the only limiting factor is the three or four
>> second delay between password prompts and the pam rejection after three
>> tries. A five-minute shutout period would, at the very least, deter a
>> brute-force attempt.
>>
>> Secondly, how can I set up my logger (metalog) to email me (at
>> eblume at ucsc.edu) when a lot of this bad stuff starts happening?
>>
>> Thirdly, any other suggestions?
>>
>> I was serious about having fun, though. It's very vindicating for your
>> firewall, etc. to work properly.
>>
>> On this note, though: I've noticed something that seemed like a very good
>> idea. This might be really obvious and common practice, but I figured it out
>> on my own, and I'd like to put this to you RFC. See, I set my system
>> password to something like a twenty-digit random sequence. I don't remember
>> it, the idea is that it's a scrambled password. I have sudo set up to let
>> people in wheel have root access, though. Is this a bad idea? Am I in
>> trouble, doing that?
>>
>> Thanks,
>> Erich
>>
>>
>> _______________________________________________
>> Sluglug mailing list
>> Sluglug at sluglug.ucsc.edu
>> http://sluglug.ucsc.edu/cgi-bin/mailman/listinfo/sluglug
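The shutout asked about in the quoted message (six failed logins, then five minutes locked out), sketched as an added example that is not part of the original thread: it reads sshd "Failed password" lines and returns which source addresses to block and for how long. The OpenSSH syslog line format, the `FIND_TIME` counting window, the host and user names, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 6                   # "six failed logins" from the thread
BAN_TIME = timedelta(minutes=5)    # "five-minute shutout period" from the thread
FIND_TIME = timedelta(minutes=10)  # assumption: window over which failures are counted

# Anchored at both ends with a greedy user field, so the address taken is the one
# sshd wrote last, not one embedded in an attacker-chosen user name.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?$")

def parse_failure(line, year=2006):
    """Return (timestamp, source_ip) or None; syslog omits the year, so pass it in."""
    m = FAILED.match(line.rstrip("\n"))
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def plan_bans(lines):
    """Return [(ip, ban_start, ban_end)] for each source hitting the threshold."""
    recent = defaultdict(deque)    # ip -> timestamps of failures inside FIND_TIME
    banned_until, bans = {}, []
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        if ts < banned_until.get(ip, datetime.min):
            continue               # already shut out; a firewall rule would drop it
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FIND_TIME:
            q.popleft()
        if len(q) >= MAX_FAILURES:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            q.clear()
    return bans

# Constructed sample input (documentation addresses, hypothetical host and user names).
PREFIX = "Jun 10 03:14:{:02d} gate sshd[4321]: "
SAMPLE = [PREFIX.format(s) + f"Failed password for invalid user guest{s} "
          "from 203.0.113.5 port 4022 ssh2" for s in range(0, 40, 5)]
SAMPLE.append(PREFIX.format(40) + "Failed password for invalid user x from "
              "192.0.2.9 port 1 ssh2 from 198.51.100.7 port 5022 ssh2")
SAMPLE.append(PREFIX.format(41) + "Accepted password for alice from 198.51.100.7 port 5023 ssh2")
```

The list returned by `plan_bans` is what a cron job would turn into temporary firewall rules or an alert e-mail; the second-to-last sample line shows why the pattern is anchored, since a crafted user name must not get a third party's address blocked.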