Koozali.org: home of the SME Server

p0f

dwater

p0f
« on: July 17, 2005, 05:24:10 PM »
Ref: http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/

Does anyone have any experience with using p0f on SME server ... or other ways of tracking down offending computers?

I'm running (I think) 6.0.1. Can I expect any trouble installing p0f?

Max.

pkn

Re: p0f
« Reply #1 on: July 17, 2005, 08:54:32 PM »
Looks like p0f should install just fine:

  $ rpm -Uvh ftp://fr2.rpmfind.net/linux/dag/redhat/7.3/en/i386/dag/RPMS/p0f-2.0.5-1.0.rh7.dag.i386.rpm --test
  Retrieving ftp://fr2.rpmfind.net/linux/dag/redhat/7.3/en/i386/dag/RPMS/p0f-2.0.5-1.0.rh7.dag.i386.rpm
  Preparing...                  ########################################### [100%]

Though I don't see much use in doing so.  If you want to report the abuse coming from compromised SSH servers you'll likely be pretty busy for a long while.  I wouldn't bother.  Your best approach to protecting against this attack, in order of effectiveness:
a) disable SSH
b) disable password authentication (google for ssh keys for how-tos on using ssh keys instead)
c) ensure secure passwords are being used for all accounts, regardless of their login shell
d) don't permit root login (see remote access page in the server-manager)

 paul
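As an added example (not from the original thread, and not SME Server's own tooling), the following POSIX sh script checks an sshd_config for the two settings behind items b) and d) above: the real OpenSSH keywords PasswordAuthentication and PermitRootLogin. The two sample config files are constructed inline so the script runs stand-alone; it assumes the daemon's defaults for an unset keyword are "yes" (true for OpenSSH of that era) and reads only global settings, not Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config for password auth and root login.
# Sample configs below are constructed for this example.

# Print the effective value of a keyword, the way sshd resolves it:
# first match wins, keyword is case-insensitive, comment lines are skipped.
sshd_setting() {
    # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Report on one config; exit status 0 = hardened, 1 = something to fix.
# An unset keyword is treated as the assumed default "yes".
audit_sshd_config() {
    cfg="$1"
    rc=0
    pw=$(sshd_setting "$cfg" PasswordAuthentication)
    root=$(sshd_setting "$cfg" PermitRootLogin)
    case "${pw:-yes}" in
        [Nn][Oo]) echo "ok:   password authentication disabled" ;;
        *)        echo "warn: PasswordAuthentication is '${pw:-yes}' (item b)"; rc=1 ;;
    esac
    case "${root:-yes}" in
        [Nn][Oo]) echo "ok:   root login disabled" ;;
        *)        echo "warn: PermitRootLogin is '${root:-yes}' (item d)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample 1: password logins and root login both allowed.
SAMPLE_WEAK=$(mktemp)
cat >"$SAMPLE_WEAK" <<'EOF'
# constructed sample config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

# Constructed sample 2: keys only, no root login.
SAMPLE_HARD=$(mktemp)
cat >"$SAMPLE_HARD" <<'EOF'
# constructed sample config
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
EOF

echo "== weak sample =="
audit_sshd_config "$SAMPLE_WEAK" || echo "result: NOT hardened"
echo "== hardened sample =="
audit_sshd_config "$SAMPLE_HARD" && echo "result: hardened"
```

To run it against a live box, call audit_sshd_config /etc/ssh/sshd_config instead of the samples; on SME Server the file is template-generated, so change the settings through the server-manager remote access page rather than editing the file directly.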
