[SGVLUG] Wake-On-LAN -- was Re: ssh breakins - tcp wrappers
Claude Felizardo
cafelizardo at gmail.com
Mon Aug 7 15:31:30 PDT 2006
On 8/6/06, Erik Espinoza <erik.espinoza at gmail.com> wrote:
> Careful putting mail statements in tcp_wrappers. I've seen huge mail
> servers crumble to their knees during a Nessus scan or remote DoS
> attack.

Yes, good point! But that's why I use non-standard ports and iptables rules.

Anyway, I got port knocking working. I wanted to be able to ssh 3
ways: locally and from specific hosts w/o the email alert, then from
anywhere via port knocking w/ an alert. If it detects a scan, then it
closes the port. Guess I need to look at putting a limit on the
number of connections to minimize the effects of a DoS attack.

So far I had to create a new entry in /etc/services, modify
/etc/xinetd.d/sshd-xinetd, /etc/hosts.allow and of course some files
in /etc/shorewall. Let me know if anyone is interested in what I
have so far; otherwise I may have something for a cool tools
presentation next month.

Claude