hack attempt - what to do
Jason Shein
jason-xgs8i/e9EeWTtA8H5PvdGCwD8/FfD2ys at public.gmane.org
Fri Aug 6 04:20:24 UTC 2004
Noah John Gellner wrote:
>Today some punk tried to hack my system by trying to log in as root to
>my ssh server. There was no problem and I mailed Abuse and Admin at his
>ISP. This attempt was unusual due to the number of attempts. I notice a
>couple of HTTP attacks every day. What do people do about this nonsense?
>I am thinking of starting to aggressively mail ISPs as determined by
>whois and demand that users be warned and/or censured. Any thoughts?
>
This works well:
http://www.cipherdyne.org/fwknop/
-snip-
fwknop stands for "Firewall Knock Operator"
fwknop implements network access controls (via iptables) based on a
flexible port knocking mini-language, but with a twist; it combines port
knocking and passive operating system fingerprinting to make it possible
to do things like only allow, say, Linux-2.4/2.6 systems to connect to
your SSH daemon.
fwknop supports shared, multi-protocol port knock sequences along with
both relative and absolute timeouts, and coded port knock sequences
encrypted with the Rijndael block cipher.
-snip-
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
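An added example, not part of the original post and not fwknop's own code or configuration syntax: a minimal Python knock-sequence validator showing how relative and absolute timeouts decide which sources completed a sequence. The sequence, timeout values and log format are assumptions made for illustration; OS fingerprinting and encrypted sequences are not covered.

```python
import re

# Hypothetical policy for illustration; not fwknop's syntax or defaults.
SEQUENCE = [("tcp", 5005), ("udp", 7010), ("tcp", 6003)]
REL_TIMEOUT = 5   # max seconds between consecutive knocks
ABS_TIMEOUT = 8   # max seconds from first knock to last
# Constructed firewall log lines: epoch seconds, then iptables-style fields.
SAMPLE_LOG = """\
100 KNOCK SRC=192.0.2.10 PROTO=TCP DPT=5005
102 KNOCK SRC=192.0.2.10 PROTO=UDP DPT=7010
105 KNOCK SRC=192.0.2.10 PROTO=TCP DPT=6003
200 KNOCK SRC=198.51.100.7 PROTO=TCP DPT=5005
209 KNOCK SRC=198.51.100.7 PROTO=UDP DPT=7010
211 KNOCK SRC=198.51.100.7 PROTO=TCP DPT=6003
300 KNOCK SRC=203.0.113.5 PROTO=TCP DPT=5005
301 KNOCK SRC=203.0.113.5 PROTO=TCP DPT=6003
302 KNOCK SRC=203.0.113.5 PROTO=UDP DPT=7010
400 KNOCK SRC=192.0.2.44 PROTO=TCP DPT=5005
405 KNOCK SRC=192.0.2.44 PROTO=UDP DPT=7010
410 KNOCK SRC=192.0.2.44 PROTO=TCP DPT=6003
""".splitlines()
LINE = re.compile(r"^(\d+) .*?SRC=(\S+) .*?PROTO=(\w+) .*?DPT=(\d+)")

def authorized_sources(lines):
    """Return (src, time) for each source that completed SEQUENCE in time."""
    progress, granted = {}, []   # progress: src -> (next_index, start, last)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        t, src, knock = int(m[1]), m[2], (m[3].lower(), int(m[4]))
        idx, start, last = progress.get(src, (0, t, t))
        if idx and (t - last > REL_TIMEOUT or t - start > ABS_TIMEOUT):
            idx, start = 0, t            # too slow: discard partial sequence
        if knock != SEQUENCE[idx]:
            idx, start = 0, t            # wrong knock: start over
            if knock != SEQUENCE[0]:
                progress.pop(src, None)
                continue
        idx += 1
        if idx == len(SEQUENCE):
            granted.append((src, t))     # a real daemon would add a firewall rule here
            progress.pop(src, None)
        else:
            progress[src] = (idx, start, t)
    return granted

if __name__ == "__main__":
    print(authorized_sources(SAMPLE_LOG))
```

Only 192.0.2.10 is granted: 198.51.100.7 exceeds the relative timeout, 203.0.113.5 hits the ports out of order as a sequential scan would, and 192.0.2.44 stays within each per-knock gap but exceeds the absolute timeout.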