Got hacked?

Darrin Chandler dwchandler at stilyagin.com
Fri Feb 23 20:44:11 MST 2007


On Fri, Feb 23, 2007 at 07:02:26PM -0700, Bryan O'Neal wrote:
> I port translate SSH and direct forward to a single box which I can use
> to get to the rest of my network.  I only allow access from my home
> network and my company network.  I can VPN into my company if I need to
> get home while on the road.  I do like password authentication because I
> often have to call someone (like my wife or my most trusted coworker)
> and walk them through a connection when I need information and do not
> have network access.  It is easy to change a password, it is harder to
> fedex a thumb drive from the middle of the outback.

You can leave thumb drives or diskettes with your wife and coworkers.
They'll still need your password to use the key, and you can still
change keys when you get back. Just a tiny bit of preparation...

> On my Windows boxes I eliminate brute force attacks by having it lock
> out any account for 2 seconds after a wrong password and 15 minutes
> after 10 wrong passwords.  But I don't know how to configure this on
> Linux?

I don't know of any apples-to-apples way, but I bet the same goal can be
met somehow. Using BSD's PF rules (similar to ipchains) it would be
something like this:

table <evil-hosts> persist
block in quick from <evil-hosts>
pass in log on $ext_if inet proto tcp from any to any port ssh \
        flags S/SA keep state \
        (max-src-conn-rate 10/60, overload <evil-hosts> flush global)

which says...
1. block IP addresses in table evil-hosts
2. let people in for ssh and establish state, more than 10 connections
   in 60 seconds puts you in a table and drops your connection.

There's probably something very much like that capability in ipchains.
Since I use PK auth it's not really needed, but I use it sometimes to
stop the script kids from filling up my logs. It's nice to see in the
logs: attempt, attempt, attempt, ... *plonk*, where'd they go? :-)

-- 
Darrin Chandler                   |  Phoenix BSD Users Group
dwchandler at stilyagin.com          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |
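
Added example (not part of the original message and not PF's own code): a simplified Python model of what the two rules above do to a source address, replayed over constructed connection events. The class and function names, the sample addresses and the exact sliding-window counting are assumptions made for illustration; PF's internal rate accounting differs in detail.

```python
from collections import defaultdict, deque


class ConnRateLimiter:
    """Model of: max-src-conn-rate LIMIT/WINDOW, overload <evil-hosts> flush global."""

    def __init__(self, limit=10, window=60):
        self.limit = limit                  # new connections allowed per window
        self.window = window                # window length in seconds
        self.recent = defaultdict(deque)    # src -> timestamps of recent new connections
        self.states = defaultdict(int)      # src -> connections currently holding state
        self.evil_hosts = set()             # stands in for table <evil-hosts>

    def new_connection(self, src, ts):
        # Rule 1: "block in quick from <evil-hosts>" is evaluated first.
        if src in self.evil_hosts:
            return "block"
        q = self.recent[src]
        q.append(ts)
        # Forget connections that have fallen out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) > self.limit:
            # "overload <evil-hosts>": the source goes into the table.
            # Entries stay there until removed; nothing here ages them out.
            self.evil_hosts.add(src)
            # "flush global": drop every state this source already holds.
            self.states.pop(src, None)
            del self.recent[src]
            return "overload"
        self.states[src] += 1               # rule 2: pass and keep state
        return "pass"


def replay(events, **kwargs):
    """Feed (timestamp, source) pairs in order; return verdicts and final limiter."""
    fw = ConnRateLimiter(**kwargs)
    return [fw.new_connection(src, ts) for ts, src in events], fw


# Constructed sample: one source retrying every 2 s, one ordinary user.
SAMPLE = sorted(
    [(t * 2, "203.0.113.7") for t in range(14)]
    + [(5, "198.51.100.20"), (400, "198.51.100.20")]
)

if __name__ == "__main__":
    verdicts, fw = replay(SAMPLE)
    for (ts, src), verdict in zip(SAMPLE, verdicts):
        print(f"{ts:>4}s {src:<15} {verdict}")
    print("evil-hosts:", sorted(fw.evil_hosts))
```

The eleventh connection inside 60 seconds trips the overload, and every later attempt from that address hits the block rule instead of reaching sshd, which is the "attempt, attempt, attempt, *plonk*" pattern in the logs.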

