Re: [lance osuosl org: [Hosting] denyhosts recommendation]

From: Jeff Schroeder <jeffschroed gmail com>
To: Olav Vitters <olav bkor dhs org>
Cc: gnome-infrastructure gnome org
Subject: Re: [lance osuosl org: [Hosting] denyhosts recommendation]
Date: Wed, 15 Jul 2009 11:21:39 -0700

On Wed, Jul 15, 2009 at 11:11 AM, Olav Vitters<olav bkor dhs org> wrote:
> Should probably implement something like this
> --
> Regards,
> Olav

We could also do something like add an ssh rule that says if you ssh
to a machine 15+ times / minute, block that ip for 30 minutes. It
might make some developers angry, but then we could educate them on
using ssh and control sockets for multiple sessions through one
connection.

>
>
> ---------- Forwarded message ----------
> From: Lance Albertson <lance osuosl org>
> To: hosting osuosl org
> Date: Wed, 15 Jul 2009 11:19:01 -0500
> Subject: [Hosting] denyhosts recommendation
> Last night most of our network were scanned and nearly DoS'd by an ssh
> worm and caused many hosts to have their sshd to timeout. I noticed that
> none of the OSL managed hosts were affected by the worm and concluded
> that most of you aren't running denyhosts [1].
>
> I _highly_ recommend that all of you consider installing denyhosts or
> something similar to mitigate the constant ssh worms that roam the
> internet. For most situations, simply installing it and starting the
> daemon will do the job. It just scans the system ssh log for failed
> attempts and adds them to hosts.deny. But I do recommend you at least
> check out the config file to see if you want to adjust any settings.
>
> Please let me know if you have any questions! Thanks-
>
> [1] http://denyhosts.sourceforge.net/
>
> --
> Lance Albertson                                    lance <at> osuosl.org
> Systems Administrator / Architect                        Open Source Lab
> Network Services                                 Oregon State University
> Work: 541-737-9975                                   PGP Key: 0x27F4B742
> GPG Fingerprint       0423 92F3 544A 1282 5AB1  4D07 416F A15D 27F4 B742
>
>
> _______________________________________________
> Hosting mailing list
> Hosting osuosl org
> http://lists.osuosl.org/mailman/listinfo/hosting
>
> _______________________________________________
> gnome-infrastructure mailing list
> gnome-infrastructure gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
>



-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com

References:
- [lance osuosl org: [Hosting] denyhosts recommendation]
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]