Log from #iptables at freenode 2006-08-03
[20:17]<rlraxne>1) allow only ssh2 (disable ssh1) protocol
[20:17]<rlraxne>2) disallow root from directly logging in through ssh (login as regular user and then run "su -" if you need to become root)
[20:17]<rlraxne>3) move ssh to another port of your choice
[20:17]<rlraxne>4) put a limit in iptables which will limit NEW packets per sourceip
[20:18]<zjwd_>Apachez: do you know the recent module ?
[20:19]<rlraxne>nop
[20:21]<zjwd_>Apachez: thanks for trying to help me, but I am trying to use this module as you can see from my iptables rules.
[20:29]<rlraxne>perhaps you can fix point 1-3 at least ?
[20:31]<zjwd_>Apachez: as I told you I have done that already for 1 and 2. 3 is not a good solution for my use case
[20:33]<vyrn-vnzsr>what's the goal here, limit ssh login attempts?
[20:36]<zjwd_>vice-versa: yes, I wanted no more than 2 attempts per 2 minutes
[20:36]<zjwd_>vice-versa: but any attempt is dropped
[20:37]<zjwd_>vice-versa: trying to ssh myself, this is the log from syslog: http://rafb.net/paste/results/ghSIyI39.html
[20:40]<zjwd_>vice-versa: sorry, I made a mistake. I can ssh to myself "ssh 192.168.1.105" but not using my dyndns address: "ssh roxy.dyndns.org"
[20:41]<vyrn-vnzsr>roxy_: I'll pastebin the relevant bits from my script on how I accomplish this if you're interested
[20:42]<zjwd_>vice-versa: thanks I got a script: http://www.debian-administration.org/articles/187 . I am more trying to understand why it is not working.
[20:44]<vyrn-vnzsr>roxy_: did you try it with those exact rules before changing the --update and --hitcount values?
[20:45]<zjwd_>vice-versa: no, but that sounds like a good idea :-)
[20:46]<zjwd_>vice-versa: I think an icmp packet could come from my router before the ssh packet comes in
[20:47]<vyrn-vnzsr>roxy_: yeah, try it mine are very similar -A ssh_inbound -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
[20:50]<vyrn-vnzsr>I use a ssh_inbound custom chain that has rules to trust (ACCEPT) LAN connections as well as some trusted statics; the rest of the connection attempts are then matched against the recent rules
[20:53]<vyrn-vnzsr>I also drop attempts from well known abusers, 61.0.0.0/8, 211.0.0.0/8, 210.0.0.0/8 etc
[21:05]<2rfju>that leads to an interesting question, is it possible to redirect offenders to another port? to install an ssh honeypot there
[21:05]<vyrn-vnzsr>why bother
[21:06]<2rfju>might be fun watching the kiddies how they try to hack a server with a fake shell
[21:07]<vyrn-vnzsr>myself I think that would just invite potential problems
[21:08]<vyrn-vnzsr>geeks are a strange lot, retaliation comes to mind ;)
[21:08]<rlraxne>honeypots are fun :)
[21:10]<zjwd_>vice-versa: finally got it to work, thanks for your help
[21:56]<fyguw_drgau>.
[22:45]<afnw>So what's the easiest way to assign an external IP to a box if my iptables box has 8 IPs available to it? :)
[23:04]<2rfju>alex, ifconfig eth0 1.2.3.4
[23:05]<afnw>Sorry - to a box that isn't my iptables box ;)
[23:05]<afnw>I was vague. :) I'll start again :)
[23:06]<afnw>iptables box -> ppp0 212.159.53.201, eth0 192.168.0.1. I have another box, which I'd like to have with an external IP (212.159.53.202, for instance). How can I "route" the appropriate IP to that, from the iptables box? :)