On Sun, Apr 22, 2007 at 10:38:42PM -0400, Jim Hyslop wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Franck Joncourt wrote:
> > I do not think the same way you do. If you are not running any servers,
> > except ssh
>
> I never said that. I said that ssh is the only port forwarded fro
Jim Hyslop <[EMAIL PROTECTED]> writes:
> H... does that mean I should really set up two machines, one in a
> DMZ for my ssh services, and the other for my internal services?
If this is a homeserver, I wouldn't bother. If it's a business, then
always separate internal and external services
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Franck Joncourt wrote:
> I do not think the same way you do. If you are not running any servers,
> except ssh
I never said that. I said that ssh is the only port forwarded from the
firewall to the machine. The machine is used internally for various
se
On 4/18/07, Jim Hyslop <[EMAIL PROTECTED]> wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello, all
I've set my SSH to accept only public key authorization, and forwarded
port 22 from the Big Bad Internet to my Debian box. Predictably, I'm
being hit by a lot of dictionary attempts to log
On Fri, Apr 20, 2007 at 11:41:28PM -0400, Jim Hyslop wrote:
> > You have defined ethLRZ, haven't you ?
>
> I have no idea. I just entered the rules as found in the blog. I assumed
> 'LRZ' was simply a place-holder for the actual interface number, as the
> iptables man page examples use '-i eth0' a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Franck Joncourt wrote:
> On Thu, Apr 19, 2007 at 09:18:45PM -0700, John L Fjellstad wrote:
>> Jim Hyslop <[EMAIL PROTECTED]> writes:
[...]
>> iptables -A INPUT -i ethLRZ -p tcp --dport 22 -m state --state NEW \
>> -m recent --set --name SSH
[...]
>> bu
On Fri, Apr 20, 2007 at 10:35:23PM +0200, Franck Joncourt wrote:
>
> These are the rules I use for my ftp server, and it works fine :
>
> iptables -A lan_in_new -p tcp --syn --dport 21 -m recent \
> --set --name ftp_hits_list2
> iptables -A wan_in_new -p tcp --syn --dport 21 -m recent --rc
On Thu, Apr 19, 2007 at 09:18:45PM -0700, John L Fjellstad wrote:
> Jim Hyslop <[EMAIL PROTECTED]> writes:
>
> Hello, all
>
> I've set my SSH to accept only public key authorization, and forwarded
> port 22 from the Big Bad Internet to my Debian box. Predictably, I'm
> being hit by a lot of diction
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John L Fjellstad wrote:
> You want to do update before you do set.
That sound you just heard was my palm slapping my forehead. For some
reason my brain didn't absorb the part of the man pages that said the
first rule that matches is the one that gets
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marc wrote:
> Why not just try fail2ban from sarge-backports? Works great. And it's
> officially in etch.
Well, mostly because this is the first I've heard about fail2ban :-)
Thanks for the tip, I'll have a look at it.
- --
Jim Hyslop
Dreampossible:
Jim Hyslop <[EMAIL PROTECTED]> writes:
> Hello, all
>
> I've set my SSH to accept only public key authorization, and forwarded
> port 22 from the Big Bad Internet to my Debian box. Predictably, I'm
> being hit by a lot of dictionary attempts to log in. A while back,
> someone posted a link in this
Jim Hyslop wrote:
> someone posted a link in this list to a blog that gave an Iptables
> recipe to limit connections to 5 per minute per IP address. So, I issued
> the commands:
>
Why not just try fail2ban from sarge-backports? Works great. And it's
officially in etch.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello, all
I've set my SSH to accept only public key authorization, and forwarded
port 22 from the Big Bad Internet to my Debian box. Predictably, I'm
being hit by a lot of dictionary attempts to log in. A while back,
someone posted a link in this lis