[mythtv-users] ssh attack

Michael Starks mythtv at michaelstarks.com
Sun Jan 1 11:06:18 EST 2006


chris at cpr.homelinux.net wrote:

>You've missed the point.  These types of packages don't look for
>multiple attempts at a single user name.  They simply watch the auth
>logs and match failures to IPs.  Once an IP has accumulated a certain
>number of failures within a specified time period, that IP address is
>temporarily added to a firewall table to block all further connections.
>In your case, root/root is the first failure, mythtv/mythtv is the
>second failure, etc.
>
>I use fail2ban to do the same thing.  It's highly configurable so you
>can adjust the rules to match almost any kind of log file.
>  
>
If the attacker uses a spoofed source IP of localhost, the server's IP,
a configured DNS server, the Zap2it web site(s) or some other needed IP,
that would be an effective DoS.  If the intent is a DoS of some sort
rather than an interactive login, the reply to the SSH SYN is not
necessary.  Are there any provisions in these tools to protect against
these types of spoofing attacks?
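
The failure-counting scheme described in the quoted message, with a never-ban list as one guard against blocking addresses the server depends on. This is an added example, not part of the original messages and not fail2ban's code; the log lines, `find_bans` and `never_ban` are constructed for illustration (fail2ban's own setting for exempting addresses is `ignoreip`).

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth-log lines (not taken from the thread).
SAMPLE_LOG = """\
Jan  1 10:58:01 myth sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  1 10:58:03 myth sshd[2213]: Failed password for invalid user mythtv from 203.0.113.7 port 40113 ssh2
Jan  1 10:58:05 myth sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jan  1 10:58:06 myth sshd[2216]: Failed password for root from 127.0.0.1 port 50001 ssh2
Jan  1 10:58:07 myth sshd[2217]: Failed password for root from 127.0.0.1 port 50002 ssh2
Jan  1 10:58:08 myth sshd[2218]: Failed password for root from 127.0.0.1 port 50003 ssh2
Jan  1 10:58:09 myth sshd[2219]: Failed password for chris from 198.51.100.20 port 50100 ssh2
Jan  1 11:30:00 myth sshd[2300]: Failed password for chris from 198.51.100.20 port 50101 ssh2
Jan  1 11:59:00 myth sshd[2301]: Failed password for chris from 198.51.100.20 port 50102 ssh2
"""

FAILURE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(log_text, never_ban, max_failures=3,
              window=timedelta(minutes=10), year=2006):
    """Return {ip: time of the failure that triggered the ban}.

    Failures are counted per source IP, whatever user name was tried.
    Addresses inside any never_ban network are skipped entirely.
    """
    allow = [ipaddress.ip_network(n) for n in never_ban]
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        # Syslog lines carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:        # not an IP literal; ignore the line
            continue
        if str(ip) in bans or any(ip in net for net in allow):
            continue
        q = recent[str(ip)]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            bans[str(ip)] = when
    return bans
```

With an empty `never_ban` list the same log also bans 127.0.0.1, which is the self-inflicted block the question is about.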

