I was looking through my logs and noticed an inordinately large number of people attacking my computer via SSH. As near as I can tell, they never succeeded in actually entering, but it is annoying. I tried using whois on the IP and discovered I didn't have it, so I installed it with the add/remove programs tool, and then did it. I got a result of PIHK WTC Colocation and tried e-mailing the specified addresses. The e-mails bounced, saying those addresses did not exist. Is there a firewall type deal that is relatively easy to temporarily open up with wrapper scripts or something for when I do wish to use the peer to peer software I sometimes use? Or maybe there is some other solution? Is there still such a thing as hosts.deny and hosts.allow? (These used to exist on Slackware, I know anyway.....) Are there any more useful network tools that might help me trace these people? Thanks for all of your time and help. Kenneth McGavran. kmcgavran@y-comm.com
-
-
Re: how to stop people from attacking my computer....
Like always with linux, there are multiple ways to accomplish this, here's a few:
1. Disable password logins on ssh (and use hostkey authentication instead)
2. Allow ssh connections from only defined hosts, or set a firewall to accept ssh connections only from defined addresses or zones.
3. Use software that can automatically ban knocking addresses (like fail2ban)
...and I'm sure there are others, which solution (or a combination of solutions) works best for you depends on your needs.
(for firewall configuration, I'd recommend Guarddog or Firestarter...note that guarddog by default blocks all traffic, so you have to open up some holes for internet, mail, dns etc.)
-
Re: how to stop people from attacking my computer....
Ssh scripts are a common *ix annoyance.
The easiest solution is move ssh to port 23. Most of the attacks are from bots, and most of the bots are too stupid to scan your computer for the ssh port.
Of course kubicle solutions are much more secure than mine, mine is just a easy and fast workaround for computer that doesn't need real security.
Anyway, good user passwords are a must if you allow remote ssh login.
Javier.Comment
-
Re: how to stop people from attacking my computer....
you might want to download 'backtrack' which has iirc, a stable 1.0 version and 2,0 is about to be released.....its a pen test live cd based on slax and has a good forum at remote-exploits.......nice tool to keep in your toolkit and fast......plenty of network tools and a very knowledgeable and security minded user base...
cheersComment
-
Re: how to stop people from attacking my computer....
For your information, a useful tool for testing how vulnerable you system is:
https://www.grc.com/x/ne.dll?bh0bkyd2
Ideally, stealth a computer by configuring your firewall to not-reply to any probes from the Internet. That includes ping requests.
Returning any kind of packet to an attacker is a bad idea. It simply shows the attacker that you exist.
[rant]
Switching off and *unplugging* when the computer is not in use, is a good policy, for your security and the environment :-)
Many businesses leave their gateway/s switched on over night when no one is in the office. One or more of them could/should be switched off out of hours. This reduces the amount of foot-print probes they receive and their electricity bill.
[/rant]Comment
Comment