Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SSH server under attack...

from [Timothy Hall] Network Security [Permanent Link]
Subject: Re: SSH server under attack...
Date: Wed, 25 Jan 2006 17:38:19 -0500 
http://denyhosts.sourceforge.net/

this has the ability to block ssh (or optionally all services) attempts
by writing the offending IP address into /etc/hosts.deny.  it will also
send an email to you letting you know the IP of the entity blocked.

you may have to tweak it a bit to get it to work the way you desire... 
it is highly configurable.

the readme/faq tells you pretty much all you need to know.

not sure if it will be helpful to you in your environ, but it is worth a
try mroe than likely...

cheers!


Dave <dlaud.flux@gmail.com> 01/25/06 16:51 PM >>>

Bryan S. Sampsel wrote:


Set up portsentry on your box and configure it to drop packets from

anyone

port-scanning your box.
 


This sounds like a good idea. But I cant install portsentry on the 
router...which still can be scanned to find it's *open* ports. I think 
we are going to set up linux box as firewall using iptables and install 
portsentry etc...Off hand do you know if portsentry (or any other 
application that) will notify you in real time of any attempted 
intrusion via email?


Right there keeps him from finding what you changed the port to.

Then, change the port to some other number and restart both portsentry

and

sshd.

I'd recommend a FreeBSD or Linux firewall in front of you that you can

do

this config with as your first line defense.

Port Sentry is no longer maintained at its old home, but you can do a

web

search and find its new home easily enough.

Good luck.

Sincerely,

Bryan S. Sampsel
LibertyActivist.org
 




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SSH server under attack..., Ansgar -59cobalt- Wiechers
Next by Date:  RE: University Degree or CISSP, Ken Kousky
Previous by Thread:  Re: SSH server under attack..., Kenton Smith
Next by Thread:  Re: SSH server under attack..., hytham . a
Indexes:  [Date] [Thread] [Top] [All Lists]