RRe: How to report Internet Abuse

Michael Havens bmike1 at gmail.com
Tue Jul 27 12:51:04 MST 2010 

that was really a good post!

On Tue, Jul 27, 2010 at 12:45 PM, gm5729 <gm5729 at gmail.com> wrote:

> You can't stop a server from hitting you. It's impossible.
>
> You can stop it from getting into your network.
>
> Three quickies are a proper IPTables
> A new invention called hosts.allow/hosts.deny. You can block whole
> countries this way. I have about a dozen that I do.
> Making sure your first line of defense -- the router is configure
> properly. Mine basically has a hosts.allow/hosts.deny function on it
> so I use it.
>
> If it is a specific port you use for whatever: port knocking, adjust
> the port above 2000 so that perchance someone gets in they only have
> user level perms. If it is port 22. Make sure your ssh/sshd files are
> properly configured. You can nail down to a specific IP and/or
> user/group that is supposed to use SSH.
>
> Use PAM.
>
> Make sure your /etc/sysctl.conf file is properly configured.
>
> Make sure your kernel is stack hardened. I like Zen, but others like
> others. If you need super security there is always IPSec, GRsec sp?
> and even SELinux.
>
> Ensure sane compliance to passphrases.
>
> You can use sshguard, fail2ban or the like to slow down robots. They
> like to hit hard and fast. If you slow them down to 15 mins of having
> to wait to try 3 more times. They get bored and move on.
>
> Don't know what kind of distro you use. Change your shadow file to
> blowfish, which might require a kernel recompile as most don't go that
> far OR use the highest level of passphrase encryption possible which
> is SHA512. Most distros only use MD5.....    I'm going to include SSH
> in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
> secure. DES by itself is not, but DES3 is... basically be smart.
>
> Permissions, permissions, permissions. Don't use world readable files
> if not necessary.
>
> Make sure you have a robots.txt file in your Apache Setup.
>
> Anyway,....
>
> vp
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20100727/f79b0b12/attachment.html>

More information about the PLUG-discuss mailing list