Firewall question

This topic is closed.
    Firewall question

    I have a bit of an issue. I am on the road for weeks at a time, so I use ssh/sftp quite often to access files on my home system running Hardy. (I also run Hardy on my notebook.) I use a no-ip address for my home system due to no static IP being available from my ISP. My problem is many different IPs (changing daily) trying to brute-force my ssh. I use a very secure password so that is not a huge issue, but the damn idiot "ub3r h4x0rz" trying to bust my little home system are eating up bandwidth. I also run 2 VOIP lines off my router and the morons are actually using enough bandwidth to affect my call quality! My IP on my notebook changes on a daily basis, so I cannot firewall that port without killing my access. I am getting fed up with the daily email to admins telling them they have an open proxy or abusive user. Is there any script/program that will firewall an IP after a set amount of bad password attempts? Or another route I am not aware of? Would love to be able to stop the daily inspection of my log files. Thanks for any help.

    namopereht

    #2
    Re: Firewall question

    You can do a Google search on securing your sshd configuration. There are many ways to hinder random attacks like that, like changing the default port, only allowing trusted IPs to connect, etc. I think changing the default port to something besides 22 might work to solve your problem.



      #3
      Re: Firewall question

      Already tried changing the port. Lasted about 2 hours. Must be being portscanned. My router doesn't report portscan attempts, so I am not sure, but that is the best explanation. Can't set up trusted IPs as my IP changes depending on whose wifi I am on or if I am using my aircard (which never has the same IP either). I am at my wit's end. I don't want to ask my ISP to do anything either, as I am not really supposed to be running any servers whatsoever. Besides: asking an ISP to firewall or filter something is just asking for trouble!

      namopereht



        #4
        Re: Firewall question

        Some useful information to be found at http://www.webhostingtalk.com/archiv.../t-456571.html - hope that helps.



          #5
          Re: Firewall question

          Thanks for the link. I will try a few of the ideas there and see if it helps.

          namopereht



            #6
            Re: Firewall question

            Ok. Here is what I have done. Added this to my /etc/rc.local:

            Code:
            # accept at most one new SSH connection per minute (the limit counter is global, not per source)
            iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
            # drop every new SSH connection that exceeds that rate
            iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh -j DROP

            Then just to be safe I also installed fail2ban. Seems to run everything configured right out of the box. I guess I will find out what the result of this is in the next couple of days and will pass it on here.

            I must admit, I was a bit skittish about doing this via ssh with no physical access to the system. I am about 1800 miles away from the system and there is nobody around to access it if I screwed up. If I borked it up I would be unable to fix it till I got home in 2 weeks! Talk about trial by fire! I just rebooted the system; it seemed to work after manually running rc.local and logging out and back in, and now I have rebooted and logged in again.

            I guess this will be considered fixed pending the results of log inspection in a few days. Thanks again.

            namopereht

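The two rc.local rules above are worth a second look before relying on them from 1800 miles away: `-m limit` keeps one counter for the whole rule, so one attacker opening a connection a minute consumes the single allowed slot and your own login is dropped with it. What the opening post asked for, firewalling an address after a set number of bad attempts, needs per-source accounting, which is exactly what fail2ban does by reading /var/log/auth.log. The script below is an added example and is not code from this thread or from fail2ban itself; it reads constructed sshd log lines (documentation-range addresses, year 2008 assumed because syslog stamps carry no year), applies fail2ban's maxretry/findtime idea per source address, and prints the DROP rules an admin would add. It only reports; it never runs iptables.

```python
"""Count failed SSH password attempts per source address from auth.log lines
and report which sources crossed a ban threshold inside a time window.
This mirrors the per-source logic fail2ban applies to sshd logs; it only
reports and never modifies the firewall itself."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format Hardy's sshd writes to
# /var/log/auth.log. Addresses are from documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jun  3 10:00:01 home sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40210 ssh2
Jun  3 10:00:04 home sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 40215 ssh2
Jun  3 10:00:09 home sshd[2105]: Failed password for root from 203.0.113.7 port 40220 ssh2
Jun  3 10:00:15 home sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40230 ssh2
Jun  3 10:02:30 home sshd[2110]: Failed password for namopereht from 192.0.2.44 port 51000 ssh2
Jun  3 10:02:41 home sshd[2110]: Accepted password for namopereht from 192.0.2.44 port 51000 ssh2
Jun  3 10:30:00 home sshd[2201]: Failed password for root from 198.51.100.9 port 33001 ssh2
Jun  3 11:45:00 home sshd[2290]: Failed password for root from 198.51.100.9 port 33050 ssh2
Jun  3 12:59:00 home sshd[2380]: Failed password for root from 198.51.100.9 port 33099 ssh2
Jun  3 13:05:00 home sshd[2390]: Failed password for root from 198.51.100.9 port 33120 ssh2
"""

# sshd logs "Failed password for <user>" or "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+(?:\.\d+){3}) port \d+"
)


def parse_timestamp(stamp, year=2008):
    """Syslog stamps carry no year; the caller supplies it (2008 assumed for Hardy-era logs)."""
    normalized = " ".join(stamp.split())      # collapse the padded day field ("Jun  3")
    return datetime.strptime(f"{year} {normalized}", "%Y %b %d %H:%M:%S")


def failed_attempts(log_text):
    """Yield (timestamp, source_ip) for every failed-password line, in log order."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield parse_timestamp(m.group("ts")), m.group("ip")


def find_offenders(log_text, maxretry=3, findtime=600):
    """Return {ip: timestamp of the failure that crossed the threshold}.

    A source is an offender once it has produced `maxretry` failures within
    any `findtime`-second window, the same meaning fail2ban gives those two
    settings. Counting is per source, so a busy attacker cannot exhaust a
    shared budget the way a global `-m limit` rule does."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for when, ip in failed_attempts(log_text):
        if ip in offenders:
            continue              # already flagged; later failures change nothing
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()           # discard failures that have aged out of the window
        if len(q) >= maxretry:
            offenders[ip] = when
    return offenders


def ban_commands(offenders):
    """Build one DROP rule per offending source.

    A plain per-address DROP in INPUT is the simplest form; fail2ban keeps its
    rules in a chain of its own, but the effect on the sender is the same."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]


if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG)
    for ip, when in found.items():
        print(f"{ip} crossed the threshold at {when:%H:%M:%S}")
    for cmd in ban_commands(found):
        print(cmd)
```

With the defaults (3 failures inside 10 minutes) only 203.0.113.7 is flagged: 198.51.100.9 spreads its four attempts over hours and never has three inside one window, which is the slow-scan pattern a short findtime misses; widening findtime to four hours catches it too. The one failure from 192.0.2.44 followed by an accepted login (the owner mistyping once) is never flagged, which is the case a global rate limit handles badly.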
