[Techtalk] Security question

mgmonza at otaku.freeshell.org mgmonza at otaku.freeshell.org
Thu Mar 13 20:31:40 UTC 2008


Thanks - I've seen hosts deny referenced a number of places.  Looks like a 
good time to download and set it up.

Kathy

On Wed, 12 Mar 2008, Maria McKinley wrote:

> Date: Wed, 12 Mar 2008 23:10:18 -0700
> From: Maria McKinley <maria at shadlen.org>
> To: mgmonza at faeroes.freeshell.org
> Cc: techtalk at linuxchix.org
> Subject: Re: [Techtalk] Security question
> 
> mgmonza at faeroes.freeshell.org wrote:
>> If I have hosts.deny set to all.paranoid and hosts.allow set like this:
>>
>> ALL:  myid at myother.place.org
>> All:  321.12.123.333
>>
>> (fake IP address there)
>>
>> can attacks from outside get in to use ftp, ssh etc?  I thought not, but
>> Firestarter's kinda scaring me with what's coming in.
>>
>> Thanks for the help.
>>
>> Kathy
>>
>
> from my hosts.deny:
> # The PARANOID wildcard matches any host whose name does not match its
> # address. You may wish to enable this to ensure any programs that don't
> # validate looked up hostnames still leave understandable logs. In past
> # versions of Debian this has been the default.
>
> So, I think as long as a host matches its IP, it can attempt to log in.
> Not sure if there is a way to say deny everything, absolutely, except
> what is in hosts.allow.
>
> If you are worried about ssh dictionary attacks, I would recommend
> denyhosts.
>
> http://denyhosts.sourceforge.net/
>
> It says basically, if someone tries to log in x amount of times (you
> control x) and fails, don't let them try anymore.
>
> Hope this helps...
>
> cheers,
> maria
>
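
The question in this thread comes down to the order in which TCP Wrappers consults the two files, as documented in hosts_access(5). The sketch below is an added example, not part of the original messages and not the TCP Wrappers code: it models that order for the `ALL` and `PARANOID` wildcards only, reads "all.paranoid" as `ALL: PARANOID`, and uses constructed documentation addresses. It shows that a `PARANOID`-only hosts.deny still admits any host whose name matches its address, while `ALL: ALL` in hosts.deny denies everything not listed in hosts.allow.

```python
# Added example: simplified model of the hosts_access(5) decision order.
# Handles only the ALL and PARANOID wildcards and literal IPv4 addresses.
from dataclasses import dataclass


@dataclass
class Client:
    addr: str           # source address of the connection
    name_matches: bool  # True if the looked-up hostname maps back to addr


def _items(text):
    # List items may be separated by commas and/or whitespace.
    return text.replace(",", " ").split()


def client_matches(pattern, client):
    if pattern.upper() == "ALL":
        return True
    if pattern.upper() == "PARANOID":
        # Matches only hosts whose name does not match their address.
        return not client.name_matches
    return pattern == client.addr


def rule_matches(rules, daemon, client):
    for line in rules:
        daemons, _, clients = line.partition(":")
        daemon_ok = any(d.upper() == "ALL" or d == daemon for d in _items(daemons))
        if daemon_ok and any(client_matches(c, client) for c in _items(clients)):
            return True
    return False


def access_granted(allow, deny, daemon, client):
    if rule_matches(allow, daemon, client):
        return True   # 1. a match in hosts.allow grants access
    if rule_matches(deny, daemon, client):
        return False  # 2. otherwise a match in hosts.deny denies it
    return True       # 3. no match in either file: access is granted


# Constructed sample data (documentation address ranges, not from the thread).
HOSTS_ALLOW = ["ALL: 192.0.2.10"]
DENY_PARANOID = ["ALL: PARANOID"]  # the setup asked about
DENY_ALL = ["ALL: ALL"]            # default deny
TRUSTED = Client("192.0.2.10", name_matches=True)
STRANGER = Client("203.0.113.7", name_matches=True)
MISMATCHED = Client("203.0.113.8", name_matches=False)
```

These files only govern services that are built against libwrap or started through tcpd, so a daemon that uses neither is unaffected by either policy.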


