OT: password crackers
Billy Verreynne (JW)
VerreyB at telkom.co.za
Wed Feb 8 07:57:54 UTC 2006
Peter Garrett wrote:
> Do you only need access via ssh from certain
> machines/hosts ? If so let only those connect
> to the ssh server, and block out/drop all other
> IPs with your firewalling/ iptables.
Good advice. Use iptables ruthlessly. :-)
Simply drop all access from untrusted/reserved networks on the input
chain, e.g.
/sbin/iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
/sbin/iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
I also prefer to syslog stuff that I do handle one way or another via
iptables - doing a tail -f on syslog is an interesting exercise
(seeing just what else is hitting the network interfaces) and gives
new, and sometimes better, ideas on how to use iptables.
--
Billy
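
The two suggestions in this thread combined, as an added example that is not part of the original message: accept ssh only from listed hosts, log and drop everything else on that port, then summarise what the log caught. The port, the log prefix and all addresses are assumptions (constructed documentation addresses); the script prints the iptables commands for review instead of running them.

```shell
#!/bin/sh
# Added example. Only eth0 comes from the message above; the port, the prefix
# and the addresses are assumptions chosen for illustration.
IFACE="eth0"
SSH_PORT="22"
LOG_PREFIX="SSH-DROP: "

# ssh_allowlist_rules SRC...  -> prints one iptables command per line.
# -A appends, so these only behave as intended if no earlier INPUT rule
# already accepts the port.
ssh_allowlist_rules() {
    for src in "$@"; do
        printf '/sbin/iptables -A INPUT -i %s -p tcp -s %s --dport %s -j ACCEPT\n' \
            "$IFACE" "$src" "$SSH_PORT"
    done
    # Log before dropping; the limit match keeps a scan from flooding syslog.
    printf '/sbin/iptables -A INPUT -i %s -p tcp --dport %s -m limit --limit 6/min -j LOG --log-prefix "%s"\n' \
        "$IFACE" "$SSH_PORT" "$LOG_PREFIX"
    printf '/sbin/iptables -A INPUT -i %s -p tcp --dport %s -j DROP\n' \
        "$IFACE" "$SSH_PORT"
}

# top_dropped_sources: reads syslog lines on stdin, keeps only lines carrying
# our prefix, and prints "SRC COUNT" sorted by count, highest first.
top_dropped_sources() {
    grep -F "$LOG_PREFIX" \
        | sed -n 's/.* SRC=\([^ ]*\) .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{print $2, $1}'
}

# Constructed, shortened sample of LOG-target lines as they appear in syslog.
SAMPLE_LOG='Feb  8 07:41:02 host kernel: SSH-DROP: IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40112 DPT=22
Feb  8 07:41:05 host kernel: SSH-DROP: IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40113 DPT=22
Feb  8 07:42:10 host kernel: SSH-DROP: IN=eth0 OUT= MAC= SRC=203.0.113.99 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51000 DPT=22
Feb  8 07:42:11 host kernel: OTHER: IN=eth0 OUT= MAC= SRC=203.0.113.50 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51001 DPT=80'

ssh_allowlist_rules 198.51.100.20 198.51.100.21
printf '%s\n' "$SAMPLE_LOG" | top_dropped_sources
```

On a live box the same summary can be fed from the real log, e.g. by piping the syslog file into top_dropped_sources.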