Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: dwater on July 17, 2005, 05:24:10 PM
-
Ref: http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/
Does anyone have any experience with using p0f on SME server ... or other ways of tracking down offending computers?
I'm running (I think) 6.0.1. Can I expect any trouble installing p0f?
Max.
-
Looks like p0f should install just fine:
$ rpm -Uvh ftp://fr2.rpmfind.net/linux/dag/redhat/7.3/en/i386/dag/RPMS/p0f-2.0.5-1.0.rh7.dag.i386.rpm --test
Retrieving ftp://fr2.rpmfind.net/linux/dag/redhat/7.3/en/i386/dag/RPMS/p0f-2.0.5-1.0.rh7.dag.i386.rpm
Preparing... ########################################### [100%]
Though I don't see much use in doing so. If you want to report the abuse coming from compromised SSH servers you'll likely be pretty busy for a long while. I wouldn't bother. Your best approach to protecting against this attack, in order of effectiveness:
a) disable SSH
b) disable password authentication (google for ssh keys for howto's on using ssh keys instead)
c) ensure secure passwords are being used for all accounts, regardless of their login shell
d) don't permit root login (see remote access page in the server-manager)
paul
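Added example, not part of the posts above: points b) and d) correspond to the standard OpenSSH sshd_config keywords PasswordAuthentication and PermitRootLogin, and this read-only check reports whether the global section of a config sets both to "no". The sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample, not taken from any real server.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

# Keyword (lower-cased) -> value that points b) and d) ask for.
WANTED = {"passwordauthentication": "no", "permitrootlogin": "no"}


def global_settings(text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd uses the first value it obtains for each keyword, so later
    duplicates are ignored. Parsing stops at the first Match block, whose
    settings apply only to matching connections and need a separate review.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (including commented-out keywords)
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)  # keep the first value only
    return settings


def audit(text):
    """Return (keyword, found, wanted) for each setting that differs."""
    found = global_settings(text)
    return [(k, found.get(k, "<unset>"), v) for k, v in WANTED.items()
            if found.get(k) != v]


if __name__ == "__main__":
    for key, got, want in audit(SAMPLE_CONFIG):
        print(f"{key}: found {got}, expected {want}")
```

An unset keyword is reported as `<unset>` because the compiled-in default depends on the OpenSSH version in use.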