[Techtalk] Security question
Maria McKinley
maria at shadlen.org
Thu Mar 13 06:10:18 UTC 2008
mgmonza at faeroes.freeshell.org wrote:
> If I have hosts.deny set to all.paranoid and hosts.allow set like this:
>
> ALL: myid at myother.place.org
> All: 321.12.123.333
>
> (fake IP address there)
>
> can attacks from outside get in to use ftp, ssh etc? I thought not, but
> Firestarter's kinda scaring me with what's coming in.
>
> Thanks for the help.
>
> Kathy
>

From my hosts.deny:

# The PARANOID wildcard matches any host whose name does not match its
# address. You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.

So, I think as long as a host matches its IP, it can attempt to log in.
Not sure if there is a way to say deny everything, absolutely, except
what is in hosts.allow.

If you are worried about ssh dictionary attacks, I would recommend
denyhosts.

http://denyhosts.sourceforge.net/

It says basically, if someone tries to log in x amount of times (you
control x) and fails, don't let them try anymore.

Hope this helps...
cheers,
maria
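
A simplified model of the hosts.allow / hosts.deny lookup order discussed in this thread, added here as an example and not part of the original messages. It handles only ALL, PARANOID, literal addresses and literal host names; the addresses and host names are constructed, and `access` and the client tuples are hypothetical helpers, not a real API.

```python
import re

def parse(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients = (re.split(r"[,\s]+", f.strip())
                                for f in line.split(":")[:2])
            rules.append((daemons, clients))
    return rules

def client_matches(pattern, client):
    # client = (address, reverse-DNS name or None, forward lookup confirms name)
    addr, name, confirmed = client
    if pattern.upper() == "ALL":
        return True
    if pattern.upper() == "PARANOID":
        # Only a host that HAS a name which does not map back to its address.
        return name is not None and not confirmed
    if name is not None and confirmed and pattern.lower() == name.lower():
        return True
    return pattern == addr

def table_matches(rules, daemon, client):
    return any(
        any(d.upper() == "ALL" or d == daemon for d in daemons)
        and any(client_matches(c, client) for c in clients)
        for daemons, clients in rules)

def access(allow, deny, daemon, client):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if table_matches(parse(allow), daemon, client):
        return "allow"
    if table_matches(parse(deny), daemon, client):
        return "deny"
    return "allow"

# Constructed sample tables and clients (documentation address ranges).
ALLOW = "ALL: 192.0.2.10"
DENY_PARANOID = "ALL: PARANOID"
DENY_ALL = "ALL: ALL"
TRUSTED = ("192.0.2.10", "home.example.org", True)
CLEAN_STRANGER = ("198.51.100.7", "host7.example.net", True)
MISMATCHED = ("203.0.113.5", "claimed.example.net", False)
NO_REVERSE_DNS = ("203.0.113.9", None, False)

if __name__ == "__main__":
    for deny in (DENY_PARANOID, DENY_ALL):
        for c in (TRUSTED, CLEAN_STRANGER, MISMATCHED, NO_REVERSE_DNS):
            print(f"{deny:14} {c[0]:13} {access(ALLOW, deny, 'sshd', c)}")
```

With `ALL: PARANOID` only the name/address mismatch is refused, while `ALL: ALL` in hosts.deny refuses every client not listed in hosts.allow. This applies only to services that actually consult these files.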