[Techtalk] Security question
maria at shadlen.org
Thu Mar 13 06:10:18 UTC 2008
mgmonza at faeroes.freeshell.org wrote:
> If I have hosts.deny set to all.paranoid and hosts.allow set like this:
> ALL: myid at myother.place.org
> All: 318.104.22.1683
> (fake IP address there)
> can attacks from outside get in to use ftp, ssh etc? I thought not, but
> Firestarter's kinda scaring me with what's coming in.
> Thanks for the help.
from my hosts.deny:
# The PARANOID wildcard matches any host whose name does not match its
# address. You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
So, I think as long as a host matches its IP, it can attempt to log in.
Not sure if there is a way to say deny everything, absolutely, except
what is in hosts.allow.
If you are worried about ssh dictionary attacks, I would recommend
It says basically, if someone tries to log in x amount of times (you
control x) and fails, don't let them try anymore.
Hope this helps...
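
Added example, not part of the original message: a simplified Python model of the access decision order documented in hosts_access(5), comparing `ALL: PARANOID` with `ALL: ALL` in hosts.deny. The client addresses, the `dns_consistent` flag and the function names are constructed for illustration; only the `ALL` and `PARANOID` wildcards and literal addresses are modelled.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Modelled: the ALL and PARANOID wildcards and literal client addresses only.

def client_matches(pattern, client):
    if pattern.upper() == "ALL":
        return True
    if pattern.upper() == "PARANOID":
        # Matches only hosts whose name does NOT match their address.
        return not client["dns_consistent"]
    return pattern == client["addr"]

def file_matches(rules, daemon, client):
    # rules: list of (daemon_pattern, [client_patterns]), i.e. "daemon: clients".
    for daemon_pat, client_pats in rules:
        if daemon_pat.upper() == "ALL" or daemon_pat == daemon:
            if any(client_matches(p, client) for p in client_pats):
                return True
    return False

def decide(allow, deny, daemon, client):
    if file_matches(allow, daemon, client):   # 1. match in hosts.allow: granted
        return "allow"
    if file_matches(deny, daemon, client):    # 2. match in hosts.deny: denied
        return "deny"
    return "allow"                            # 3. no match in either file: granted

# Constructed sample data (RFC 5737 documentation addresses).
HOSTS_ALLOW = [("ALL", ["192.0.2.10"])]
DENY_PARANOID = [("ALL", ["PARANOID"])]   # hosts.deny containing "ALL: PARANOID"
DENY_ALL = [("ALL", ["ALL"])]             # hosts.deny containing "ALL: ALL"
CLIENTS = {
    "listed": {"addr": "192.0.2.10", "dns_consistent": True},
    "unlisted_good_dns": {"addr": "203.0.113.50", "dns_consistent": True},
    "unlisted_bad_dns": {"addr": "198.51.100.7", "dns_consistent": False},
}

def evaluate(deny, daemon="sshd"):
    # Decision for every sample client under the given hosts.deny rules.
    return {name: decide(HOSTS_ALLOW, deny, daemon, c)
            for name, c in CLIENTS.items()}

if __name__ == "__main__":
    for label, deny in (("ALL: PARANOID", DENY_PARANOID), ("ALL: ALL", DENY_ALL)):
        print(label, evaluate(deny))
```

These rules only affect services that are built against libwrap or started through tcpd; anything else listening on the host is not covered by either file.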