Re: DenyHosts

2016-01-17 Thread Bob Holtzman
On Sun, Jan 17, 2016 at 03:33:05PM +0200, Moreanu Robert - Nicolae wrote: > hi, > i'm looking to resolve this problem when I want to install debian 8.2 or > 8.1. I receive this message after it's take to Grub install > > " the 'grub-pc' package failed to install into /target/ " > after the operati

Re: DenyHosts

2016-01-17 Thread Moreanu Robert - Nicolae
hi, i'm looking to resolve this problem when I want to install debian 8.2 or 8.1. I receive this message after it's take to Grub install " the 'grub-pc' package failed to install into /target/ " after the operation of clean up on installing, i have a failed operations. I don't have such expertise

Re: DenyHosts

2016-01-17 Thread Igor Cicimov
On 18/01/2016 12:08 AM, "Christian Seiler" wrote: > > On 01/16/2016 10:57 AM, Reco wrote: > > - anyone can connect up to 16 times via ssh. > > - anyone exceeding the connection limit is tarpitted, and must wait > > for an hour to try again. > > Note that while this may be adequate for your use cas

Re: DenyHosts

2016-01-17 Thread Christian Seiler
On 01/16/2016 10:57 AM, Reco wrote: > - anyone can connect up to 16 times via ssh. > - anyone exceeding the connection limit is tarpitted, and must wait > for an hour to try again. Note that while this may be adequate for your use case, I would caution that 16 connections / hour can easily (!) be

Re: DenyHosts

2016-01-16 Thread Chris Bannister
On Sat, Jan 16, 2016 at 04:49:35PM +1100, David wrote: > On 16 January 2016 at 15:48, Steve Matzura wrote: > > On Sat, 16 Jan 2016 01:55:38 +0300, Reco wrote: > > > >>A simple solution: > >> > >>iptables -I INPUT -p dcp -s 59.46.71.0/24 -j DROP > > > > iptables v1.4.21: unknown protocol "dcp" spec

Re: DenyHosts

2016-01-16 Thread Steve Matzura
Reco: On Sat, 16 Jan 2016 23:48:54 +0300, you wrote: >Correct sequence would be: > >iptables -F INPUT >iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \ > -m hashlimit --hashlimit 1/hour --hashlimit-burst 16 \ > --hashlimit-mode srcip --hashlimit-name ssh \ > --ha

Re: DenyHosts

2016-01-16 Thread Steve Matzura
Reco: On Sat, 16 Jan 2016 23:49:57 +0300, you wrote: >Reverse the order of these two rules. As I wrote in another part of this >thread, I mistook rules' sequence. Like this? iptables -I INPUT -p tcp --dport 22 --tcp-flags SYN,RST,ACK SYN \ -j DROP iptables -I INPUT -p tcp --dport 22 -m

Re: DenyHosts

2016-01-16 Thread Reco
Hi. On Sat, 16 Jan 2016 13:01:29 -0500 Steve Matzura wrote: > I tried redoing the tables: > > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP > -A INPUT -p tcp -m tcp --dport 22 -m connt

Re: DenyHosts

2016-01-16 Thread Reco
Hi. On Sat, 16 Jan 2016 12:46:30 -0500 Steve Matzura wrote: > On Sat, 16 Jan 2016 20:16:28 +0300, you wrote: > > >> What'd I do? > >> > > > >Exactly this: > > > >iptables -F INPUT > >iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \ > > -m hashlimit --hashlimit 1/hou

Re: DenyHosts

2016-01-16 Thread Steve Matzura
On Sat, 16 Jan 2016 20:16:28 +0300, you wrote: >> What'd I do? >> > >Exactly this: > >iptables -F INPUT >iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \ > -m hashlimit --hashlimit 1/hour --hashlimit-burst 16 \ > --hashlimit-mode srcip --hashlimit-name ssh \ > --

Re: DenyHosts

2016-01-16 Thread Steve Matzura
I tried redoing the tables: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimi

Re: DenyHosts

2016-01-16 Thread Reco
Hi. On Sat, 16 Jan 2016 12:02:57 -0500 Steve Matzura wrote: > Well, I thought I was doing so well. I discover now that no one, > including me, can get into my system any more via ssh. Here are the > current iptables rules: > > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUT

Re: DenyHosts

2016-01-16 Thread Steve Matzura
Well, I thought I was doing so well. I discover now that no one, including me, can get into my system any more via ssh. Here are the current iptables rules: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP

Re: DenyHosts

2016-01-16 Thread Reco
Hi. On Sat, 16 Jan 2016 07:35:54 -0500 Steve Matzura wrote: > >But with conjunction with the previous one it implements the following > >policy: > > > >- anyone can connect up to 16 times via ssh. > >- anyone exceeding the connection limit is tarpitted, and must wait > >for an hour to try

Re: DenyHosts

2016-01-16 Thread Steve Matzura
Reco: On Sat, 16 Jan 2016 12:57:30 +0300, you wrote: >>-j, --jump target >> This specifies the target of the rule; i.e., what to do >> if the packet matches it. The target can be a user-defined >> chain (other than the one this rule is in), one of the special builtin

Re: DenyHosts

2016-01-16 Thread Reco
Hi. On Sat, 16 Jan 2016 00:49:17 -0500 Steve Matzura wrote: > Reco: > > All of this is an excellent learning opportunity for me. Please bear > with me just a bit as I ask the following: > > On Sat, 16 Jan 2016 01:55:38 +0300, you wrote: > > >A simple solution: > > > >iptables -I INPUT

Re: DenyHosts

2016-01-15 Thread Steve Matzura
Reco: All of this is an excellent learning opportunity for me. Please bear with me just a bit as I ask the following: On Sat, 16 Jan 2016 01:55:38 +0300, you wrote: >A simple solution: > >iptables -I INPUT -p dcp -s 59.46.71.0/24 -j DROP `-p dcp'? manpages says: [!] -p, --protocol proto

Re: DenyHosts

2016-01-15 Thread David
On 16 January 2016 at 15:48, Steve Matzura wrote: > On Sat, 16 Jan 2016 01:55:38 +0300, Reco wrote: > >>A simple solution: >> >>iptables -I INPUT -p dcp -s 59.46.71.0/24 -j DROP > > iptables v1.4.21: unknown protocol "dcp" specified > Try `iptables -h' or 'iptables --help' for more information. >

Re: DenyHosts

2016-01-15 Thread Steve Matzura
On Sat, 16 Jan 2016 01:55:38 +0300, Reco wrote: >A complex one: > >iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \ > -m hashlimit --hashlimit 1/hour --hashlimit-burst 16 \ > --hashlimit-mode srcip --hashlimit-name ssh \ > --hashlimit-htable-expire 6 -j ACCEPT

Re: DenyHosts

2016-01-15 Thread Steve Matzura
On Sat, 16 Jan 2016 01:55:38 +0300, Reco wrote: >A simple solution: > >iptables -I INPUT -p dcp -s 59.46.71.0/24 -j DROP iptables v1.4.21: unknown protocol "dcp" specified Try `iptables -h' or 'iptables --help' for more information. Should I try the complex solution, or find out what went wrong

Re: DenyHosts

2016-01-15 Thread Reco
Hi. On Fri, 15 Jan 2016 16:37:48 -0500 Steve Matzura wrote: > My new fledgling server is being slammed, and I mean slammed like > Sandy slammed New York, by root login attacks from 59.46.71.36, > ShenYang, China. Of course, I don't allow root logins except from the > console or via ssh k

Re: DenyHosts

2016-01-15 Thread Cláudio E. Elicker
On Fri, 15 Jan 2016 16:37:48 -0500 Steve Matzura wrote: > My new fledgling server is being slammed, and I mean slammed like > Sandy slammed New York, by root login attacks from 59.46.71.36, > ShenYang, China. Of course, I don't allow root logins except from the > console or via ssh key pair, so I

Re: DenyHosts

2016-01-15 Thread Sven Arvidsson
On Fri, 2016-01-15 at 16:37 -0500, Steve Matzura wrote: > My new fledgling server is being slammed, and I mean slammed like > Sandy slammed New York, by root login attacks from 59.46.71.36, > ShenYang, China. Of course, I don't allow root logins except from the > console or via ssh key pair, so I p

Re: denyhosts error

2009-03-01 Thread Paul Cartwright
On Sun March 1 2009, Sjors Gielen wrote: >  > DenyHosts >  >  To: >  > r...@localhost > > There are two ways to fix this, 2 is probably preferred: > > 1) By default, in the Denyhosts Debian package, the configfile is > installed at /etc/denyhosts.conf. If you didn't take the Debian package, > it w

Re: denyhosts error

2009-03-01 Thread Sjors Gielen
Paul Cartwright wrote: I am getting these to my local user, and I can't figure out what process is sending them, so I can correct it: > From: > DenyHosts > To: > r...@localhost There are two ways to fix this, 2 is probably preferred: 1) By default, in the Denyhosts Debian package, the co

Re: denyhosts + tcp wrappers?

2007-07-12 Thread Bob Proulx
Andrew Sackville-West wrote: > Craig Hurley wrote: > > My understanding of how denyhosts works is that it is scheduled to parse > > auth.log file every X seconds, identifying failed login attempts, it then > > tallies those attempts, if the total of failed login attempts is above Y > > The (very

Re: denyhosts + tcp wrappers?

2007-07-12 Thread Andrew Sackville-West
On Thu, Jul 12, 2007 at 06:37:13PM +0100, Craig Hurley wrote: > On 11/07/2007 04:44, Bob Proulx wrote: >> If you are finding 'denyhosts' difficult then you may want to install >> 'fail2ban' as one standalone method to stop this since it is extremely >> simple. It should work out of the box. > > De

Re: denyhosts + tcp wrappers?

2007-07-12 Thread Craig Hurley
On 11/07/2007 04:44, Bob Proulx wrote: If you are finding 'denyhosts' difficult then you may want to install 'fail2ban' as one standalone method to stop this since it is extremely simple. It should work out of the box. Denyhosts did work out of the box. My understanding of how denyhosts work

Re: denyhosts + tcp wrappers?

2007-07-10 Thread Jude DaShiell
you might look at arno-iptables-script as another possibility.

Re: denyhosts + tcp wrappers?

2007-07-10 Thread Bob Proulx
Craig Hurley wrote: > Has anyone installed and configured DenyHosts > (http://denyhosts.sourceforge.net) so that it uses tcp wrappers on > debian? I am confident that script kiddies shaking my doors and trying to lift my windows cannot break through my passwords and rsa keys. If reasonable pass

Re: DenyHosts...

2005-08-31 Thread Ralph Crongeyer
"Roberto C. Sanchez" <[EMAIL PROTECTED]> wrote: >On Wed, Aug 31, 2005 at 10:08:44AM -0400, Ralph Crongeyer wrote: >> Thanks Roberto. >> I haven't been able to get to my box to check and see if the package was >> available. Work is blocking outbound SSH connections. And I couldn't >find >> anything

Re: DenyHosts...

2005-08-31 Thread Roberto C. Sanchez
On Wed, Aug 31, 2005 at 10:08:44AM -0400, Ralph Crongeyer wrote: > Thanks Roberto. > I haven't been able to get to my box to check and see if the package was > available. Work is blocking outbound SSH connections. And I couldn't find > anything on the web. > > Would a "Request For Package" make i

Re: DenyHosts...

2005-08-31 Thread Ralph Crongeyer
Sven Hoexter <[EMAIL PROTECTED]> wrote: >On Tue, Aug 30, 2005 at 03:56:05PM -0400, Ralph Crongeyer wrote: >> Hi all, >> Is there a Debian Sarge package for "DenyHosts"? >> http://denyhosts.sourceforge.net/ >None that I know but fail2ban looks similar. > >Sven >-- >If God passed a mic to me to spe

Re: DenyHosts...

2005-08-31 Thread Ralph Crongeyer
"Roberto C. Sanchez" <[EMAIL PROTECTED]> wrote: >On Tue, Aug 30, 2005 at 03:56:05PM -0400, Ralph Crongeyer wrote: >> Hi all, >> Is there a Debian Sarge package for "DenyHosts"? >> http://denyhosts.sourceforge.net/ >> > >There is not. However, you can use the reportbug package to file a RFP >bug.

Re: DenyHosts...

2005-08-31 Thread Sven Hoexter
On Tue, Aug 30, 2005 at 03:56:05PM -0400, Ralph Crongeyer wrote: > Hi all, > Is there a Debian Sarge package for "DenyHosts"? > http://denyhosts.sourceforge.net/ None that I know but fail2ban looks similar. Sven -- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [T

Re: DenyHosts...

2005-08-30 Thread Roberto C. Sanchez
On Tue, Aug 30, 2005 at 03:56:05PM -0400, Ralph Crongeyer wrote: > Hi all, > Is there a Debian Sarge package for "DenyHosts"? > http://denyhosts.sourceforge.net/ > There is not. However, you can use the reportbug package to file a RFP bug. -Roberto -- Roberto C. Sanchez http://familiasanchez.n