On Mon, 17 Jan 2000, William B. Herman wrote:
> It seems that I have people who are trying to telnet into my machine.
> They seem to be either changing their ISP or spoofing their IP
> address. There is no reason these addresses should be telneting into
> our machine. My guess is they are trying brute force to gain access.
> What is the best way to protect our system against such an attack?
Remove telnet as an option from inetd.conf, and use only ssh with RSA
keys. :) At a minimum, set hosts.deny to "ALL: ALL" and add your
authorized machines to hosts.allow. That will stop most connection
attempts from unauthorized IP's, but won't help with spoofed addresses
that appear to be from inside your network; for that, you need to turn on
rp_filters.
You should also consider installing both a firewall and portsentry to
block other types of unwanted access.
--
Todd A. Jacobs
Network Systems Engineer
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
