[Techtalk] Security question

Maria McKinley maria at shadlen.org
Thu Mar 13 06:10:18 UTC 2008


mgmonza at faeroes.freeshell.org wrote:
> If I have hosts.deny set to all.paranoid and hosts.allow set like this:
> 
> ALL:  myid at myother.place.org
> All:  321.12.123.333
> 
> (fake IP address there)
> 
> can attacks from outside get in to use ftp, ssh etc?  I thought not, but 
> Firestarter's kinda scaring me with what's coming in.
> 
> Thanks for the help.
> 
> Kathy
> 

from my hosts.deny:
# The PARANOID wildcard matches any host whose name does not match its
# address. You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.

So, I think as long as a host matches its IP, it can attempt to log in. 
Not sure if there is a way to say deny everything, absolutely, except 
what is in hosts.allow.

If you are worried about ssh dictionary attacks, I would recommend 
denyhosts.

http://denyhosts.sourceforge.net/

It says basically, if someone tries to log in x amount of times (you 
control x) and fails, don't let them try anymore.

Hope this helps...

cheers,
maria
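
A simplified model of the tcp_wrappers decision order discussed in this thread (hosts.allow is checked first, then hosts.deny, and access is granted if neither matches), added here as an example and not part of the original messages. The client records, addresses and the `access` helper are constructed for illustration; the real library supports more pattern types than the three modelled here.

```python
# Simplified model of the tcp_wrappers (hosts_access) decision order.
# All clients, addresses and rule sets below are constructed sample data.
from dataclasses import dataclass

@dataclass
class Client:
    ip: str
    name: str        # name returned by the reverse lookup
    mismatch: bool   # True if that name does not resolve back to ip

def client_matches(pattern, c):
    p = pattern.upper()
    if p == "ALL":
        return True
    if p == "PARANOID":
        # Matches only hosts whose name does not match their address.
        return c.mismatch
    # Exact IP, or exact host name when the name is trustworthy.
    return pattern == c.ip or (not c.mismatch and pattern.lower() == c.name.lower())

def rule_matches(rule, daemon, c):
    daemons, clients = rule
    daemon_ok = any(d.upper() == "ALL" or d == daemon for d in daemons)
    return daemon_ok and any(client_matches(p, c) for p in clients)

def access(allow, deny, daemon, c):
    if any(rule_matches(r, daemon, c) for r in allow):
        return "granted (hosts.allow)"
    if any(rule_matches(r, daemon, c) for r in deny):
        return "denied (hosts.deny)"
    return "granted (no rule matched)"

ALLOW = [(["ALL"], ["192.0.2.10"])]          # hosts.allow:  ALL: 192.0.2.10
DENY_PARANOID = [(["ALL"], ["PARANOID"])]    # hosts.deny:   ALL: PARANOID
DENY_ALL = [(["ALL"], ["ALL"])]              # hosts.deny:   ALL: ALL

trusted = Client("192.0.2.10", "home.example.org", False)
stranger = Client("198.51.100.7", "host7.example.net", False)
spoofed = Client("203.0.113.9", "fake.example.com", True)

if __name__ == "__main__":
    for label, deny in (("ALL: PARANOID", DENY_PARANOID), ("ALL: ALL", DENY_ALL)):
        for c in (trusted, stranger, spoofed):
            print(f"hosts.deny {label:14} {c.ip:13} sshd -> {access(ALLOW, deny, 'sshd', c)}")
```

These files only affect daemons that are built against libwrap or started through tcpd; a service that does not consult them is unaffected by either setting.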

