[LAD] [ot] - NEED some security advise PLEASE!

Frank Barknecht fbar at footils.org
Sun Feb 15 10:39:09 UTC 2009


Hallo,
Arnold Krille hat gesagt: // Arnold Krille wrote:

> I have a script that filters the log-files for "invalid user", extracts the IP 
> and adds it to the RECENT table (which is used for blocking for five minutes). 
> But some of these attackers have botnets which means a lot of IP's to be 
> blocked before they finished their username-list...

Basically that's what denyhost does, and it also has additional features
like a realtime bla/ocklist, which also blocks distributed
attacks that are not affected by blocking single IPs because one
attacker there is able to use a new IP for each attempt. OTOH botnets
usually are interested in servers with more valuable data than most of
us have.

> From my experience using key-logins only helps when you have only linux users. 
> Most windows people don't really understand the concepts of security, public 
> keys and such.

True, but for home-machines of Linux Audio freaks, usually nobody from a
Windows machine needs to log in anyway. ;) And if it's a public server,
I'd rather not have anybody logging in through ssh who is not capable of
dealing with key logins. I disabled password logins through ssh on
my public machines.

Ciao
-- 
 Frank



More information about the Linux-audio-dev mailing list