
[ale] Pretty Ugly Out There!



ALErs -

I'm currently logging many hundreds - perhaps thousands - of daily
attempts to get SSH logins on my home box. They come in sequences of
user names (10-20 typically) from one IP, then a different bunch from
another. The guessed account names are starting to cycle through searches
that might actually hit a real username.

I would like to lock any given originating IP out of access or out of
SSH login for some period after some number of failures (against
different usernames). Is there a simple way to do this with or between
'ipchains' and 'open-ssh'?

Also, what steps should I take to smoothly migrate a user from one
username to another? I.e. if I just change the login name in 'passwd',
'shadow' and 'groups', what side effects am I likely to hit?

This box started as RH-7.3, though it's evolved quite a bit with time
(SSH updates in particular).

Thanks.

 - Mills
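
Added example, not part of the original post: a sketch of the lockout policy asked about above, deciding from sshd log lines which source IPs to lock out once they fail against several different usernames inside a time window. The thresholds, the sample log, the assumed year and the function name `find_lockouts` are all assumptions of this example; applying the resulting decisions to the firewall is left to the operator.

```python
import re
from datetime import datetime, timedelta

# OpenSSH failed-password lines; older releases say "illegal user",
# newer ones "invalid user", and real accounts carry neither marker.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?(\S+) "
    r"from (\d+\.\d+\.\d+\.\d+) port \d+")

# Constructed sample log (documentation IP ranges, made-up usernames).
SAMPLE = """\
Jun  1 03:12:01 home sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 4001 ssh2
Jun  1 03:12:03 home sshd[2102]: Failed password for illegal user guest from 192.0.2.10 port 4002 ssh2
Jun  1 03:12:05 home sshd[2103]: Failed password for illegal user admin from 192.0.2.10 port 4003 ssh2
Jun  1 03:12:07 home sshd[2104]: Failed password for illegal user oracle from 192.0.2.10 port 4004 ssh2
Jun  1 03:15:00 home sshd[2110]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Jun  1 03:15:09 home sshd[2111]: Failed password for alice from 198.51.100.7 port 5002 ssh2
Jun  1 03:15:20 home sshd[2112]: Accepted password for alice from 198.51.100.7 port 5003 ssh2
"""

def find_lockouts(lines, max_users=3, window=timedelta(minutes=10),
                  ban=timedelta(hours=1), year=2004):
    """Return {ip: [(ban_start, ban_end), ...]} for offending sources."""
    recent, bans = {}, {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        stamp, user, ip = m.groups()
        # syslog stamps omit the year, so one is assumed (arbitrary default)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ip in bans and when < bans[ip][-1][1]:
            continue              # still locked out; nothing new to decide
        q = recent.setdefault(ip, [])
        q.append((when, user))
        # keep only this IP's failures that fall inside the sliding window
        q[:] = [(t, u) for t, u in q if when - t <= window]
        if len({u for _, u in q}) >= max_users:
            bans.setdefault(ip, []).append((when, when + ban))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, spans in find_lockouts(SAMPLE.splitlines()).items():
        for start, end in spans:
            print(f"{ip} locked out {start} -> {end}")
```

Counting distinct usernames rather than raw failures keeps a legitimate user who mistypes one account's password (the second source in the sample) from being locked out.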