[PLUG] [Q] sshd restrict IP
alan
alan at clueserver.org
Mon Aug 2 12:35:03 UTC 2004
On Mon, 2 Aug 2004, Roderick A. Anderson wrote:
> I have got some little twits knocking on the door of one of my servers
> trying to make ssh connections. It is irritating as all hell seeing the
> attempts in my system/security logs so I figured after I report them to
> the company where the IPs look to be from I'd like to just not even give
> them an answer when they knock. I know I can do this using iptables and
> friends but I'd prefer in these few instances to do it (hopefully) using
> sshd configurations.
This is a script. There has been a lot of noise on the security lists
about it. They are looking for stupid username/password combinations.
(For the moment.) If they get in, they root the server via a couple of
recent kernel exploits. It appears they are using compromised servers
for the attacks.

You will want to inform the holders of the IP addresses that they may have
a compromised server.

As for local solutions, you should be able to restrict access to sshd via
/etc/hosts.allow and /etc/hosts.deny. Unless, of course, your users are
coming from non-fixed-ip addresses in the first place...
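
An added example, not part of the original post: one way to turn the failed logins seen in the logs into /etc/hosts.deny entries for sshd. The log lines, addresses, threshold and function names are constructed for illustration, and it assumes an sshd built with TCP wrappers (libwrap) support.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation-range addresses only).
# The fourth line has a username crafted to look like "from <ip> port <n>".
SAMPLE_LOG = """\
Aug  2 12:30:01 host sshd[1201]: Failed password for illegal user test from 203.0.113.5 port 40112 ssh2
Aug  2 12:30:03 host sshd[1203]: Failed password for illegal user guest from 203.0.113.5 port 40118 ssh2
Aug  2 12:30:05 host sshd[1205]: Failed password for root from 203.0.113.5 port 40125 ssh2
Aug  2 12:30:07 host sshd[1207]: Failed password for invalid user a from 192.0.2.99 port 1 from 203.0.113.5 port 40131 ssh2
Aug  2 12:31:10 host sshd[1210]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Aug  2 12:31:20 host sshd[1211]: Accepted password for alice from 192.0.2.10 port 51002 ssh2
Aug  2 12:40:44 host sshd[1290]: Failed password for invalid user admin from 198.51.100.7 port 33901 ssh2
Aug  2 12:40:46 host sshd[1292]: Failed password for invalid user admin from 198.51.100.7 port 33907 ssh2
"""

# Greedy ".*" plus the end-of-line anchor means only the LAST "from <ip> port"
# is captured, so text injected through the username cannot pick the address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?\s*$"
)

def failed_counts(log_text):
    """Count failed password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def hosts_deny_lines(log_text, threshold=2, never_block=()):
    """Return 'sshd: <ip>' lines for sources with at least `threshold` failures.

    Addresses in `never_block` (known users) are skipped so that a mistyped
    password does not lock out a legitimate login.
    """
    counts = failed_counts(log_text)
    offenders = sorted(ip for ip, n in counts.items()
                       if n >= threshold and ip not in never_block)
    return ["sshd: " + ip for ip in offenders]

if __name__ == "__main__":
    for entry in hosts_deny_lines(SAMPLE_LOG, never_block={"192.0.2.10"}):
        print(entry)
```

Review the printed lines before appending them to /etc/hosts.deny; with users on non-fixed addresses, a deny list like this is safer than an allow-only policy.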