Been getting a ton of attempts on my ssh/ftp connections as of late, first they started with the usual script kids trying the admin/guest/etc on the ssh connection, now i get people trying all sorts of stupid usernames with blank passwords on the ftp connection.
1. Is there a way to block an IP, either perm. or for set period of time for SSH attempts
2. Is there a simular way for VSFTP
I'm sure i could block the address's manually, but i'd like it if it was automated? say for 6 attempts?
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
I had a discussion with my local LUG and a member had some interesting
threads to share. Basically it showed that SUSE 9.0 is not really a
production level version. For production level use, it is recommended
to go with the Enterprise version of SUSE. Has other people got this
impression? My concern is that my company can't afford to purchase any
more software at this time so would I be better off looking at something
like Debian? I know this is kind of off topic, but basically I am
curious if 9.0 Pro is secure and stable enough for my organization needs.
I plan to recheck SuSE's security updates before installing them on the
machines. "Normal" packages are easy. I just imitate an update mirror
with just links in it. If a link exists the corresponding patch will be
installed. This way I can use SuSE's online_update.
Kernel updates on the other hand should just be installed when the system
is going down. Furthermore I want the last working kernel not to be
deinstalled when the new kernel is being installed. "rpm -i" would do
this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last
working kernel) later on.
Does anyone have such a system installed at his/her site? Otherwise there
is some work to do for me... Can you give me some advises on the
Thanks in advance
| Andreas Haupt | E-Mail: andreas.haupt(a)hmi.de
| Hahn-Meitner-Institut (DN) | WWW:
| Glienicker Straße 100 | Phone: +49/30/8062-2597
| 14109 Berlin | Fax: +49/30/8062-2096
I dont know if this is the right list, but here goes.
I am fairly new to firewalling and iptables.
I have a setup as follows:
firewall: red eth0 external interface (adsl, dhcp)
yellow eth1 dmz interface
green eth2 internal interface
On dmz is a combined server running
web/ mysql/ ftp/ caching dns/ time/ outgoing mail and nfs server
I only want web/ftp to be available from red
All other services is for green (and yellow) network
I have several machines on green (So i guess i want NAT there)
One Linux server with NFS
Three linux ones running gnomemeeting amsn and licq
Two windows ones running Netmeeting, MSN, ICQ
All machines run bittorrent, limewire and dc++
I want ssh access to all boxes
I want to be able to run all communicationservices from arbitrary box.
All internal boxes shall use time/ dns/ outgoing mail om the dmz server
The firewall is to be locked down for user login only via ssh.
Anything to be done is sudo'ne
(note to self, find out how to lock ssh to userlogin only)
But i want access from red to firewall so i can "jump" to green and yellow if
I want as full access as possible from green to red
I have read the SuSEFirewall2 docs in /usr/share/docs/packages/SuSEFirewall2
but i cant figure it out..
What so set, what to add/remove..
Any pointers on where to start learning?
Any pointers on how to set it up?
Rikard Johnels email : rikjoh(a)norweb.se
Web : http://www.rikjoh.com
Mob : +46 735 05 51 01
------------------------ Public PGP fingerprint ----------------------------
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
Hi all, I have a SuSe 8.2 distribution with SuSeFirewall2 set up
succesfully. I would like to know How can I lock the peer to peer
comunications from a port to a port? I tried to modify the script of the
firewall adding custom iptables rules, but nothing to do. Someone may help
How do I get SuSE 9.1 (SuSEfirewall2) to ignore martian source messages and
not log them?
I have a valid reason to have martian source on my two nics and the messages
they are logging is wasting huge amounts of logfile and making it difficult
to spot real traffic...
Any help greatly appreciated
Hi to all,
I'm using a Suse 9.1 OS, I have setup a Postfix + Cyrus mailserver. Everything runs well, I can connect with pop3 and imap, also with SSL(pop3s and imapds).
Now, out clients are mailny windows based systems.
I want to know how I have to setup cyrus to make the "log in using secure password authentication" available. I want only that the password is sent secure and not the whole pop3 connection.
I succeded authentication with the smtp connection but not with the pop3 connection. When I try to connect from Outlook express I receive the following error:
Unable to logon to the server using Secure Password Authentication. Account: 'Andy makla', Server: '192.168.0.17', Protocol: POP3, Server Response: '.', Port: 995, Secure(SSL): Yes, Error Number: 0x800CCC18
In the logs I find only this:
Sep 30 03:51:36 makla master: about to exec /usr/lib/cyrus/bin/pop3d
Sep 30 03:51:36 makla pop3: executed
Sep 30 03:51:36 makla pop3: accepted connection
Sep 30 03:51:36 makla master: process 8867 exited, status 0
Hope you can help.
Thankyou all for your help.
I think this is not really a security question so ill leave
it alone and work it out myself.
Thanks again for everything
you gut's are awesome
im off for the weekend, got a gentoo to tackle.
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
(forwarded from dansguardian list - From: proxy(a)barendse.to)
This is from a message on another mailing list but i guess it is of
interest for this list too:
Microsoft have apparently expanded their list of "High-risk file types"
with the release of Windows XP SP2. The new list of high-risk dangerous
attachments they have added are: