Íàñòðîéêà brute force protection íà ðîóòåðå

Printable View

Show 40 post(s) from this thread on one page

19-01-2007, 10:37
black_128

Íàñòðîéêà brute force protection íà ðîóòåðå

Äîáðîãî âðåìåíè ñóòîê!
Ñêàæèòå, ðåøåíà ëè ïðîáëåìà ñ õàëÿâíûì õîæäåíèåì â èíòåðíåò, êîãäà Âàø IP èñïîëüçóþò âìåñòî øëþçà?

Îïèñàíî: http://www.wl500g.info/showthread.php?t=6595

Òàêæå, êàêèì îáðàçîì èçìåíèòü ìîé post-firewall, ÷òîáû âî ïåðâûõ ïåðåíàïðàâèòü äîñòóï ê 22ìó ïîðòó íà äðóãîé "áåçîïàñíûé", à âî âòîðûõ ñäåëàòü áëîêèðîâàíèå IP àòàêóþùåãî íà ñóòêè, ïîñëå íåóäà÷íûõ 6-òè êîííåêòîâ? Íåáîëüøîå çàìå÷àíèå - ÿ íå èñïîëüçóþ äîñòóï ê äîìàøíèì êîìïüþòåðàì èç WAN - íåò íåîáõîäèìîñòè.

À òî, ñö@$è ïûòàþòñÿ ëîìàòü:

http://www.notebook-sales.ru/ppp.jpg

inetnum: 85.89.73.218 - 85.89.73.222
netname: SE-NTI-SKOLAN-NETIT
person: Thomas Rojsel
address: Garvaregatan 4
phone: +46 23 702 22 02
nic-hdl: TR1185-RIPE
source: RIPE # Filtered
person: Lars Olsson
address: NetIT
address: Sweden
phone: +46 23 636 40
e-mail: lars@netit.se

Âîò ìîé post-firewall:

#!/bin/sh
#WEB,SSH and FTP access from WAN
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP
#Test for post-firewall.log
echo "post-firewall running...">/var/log/post-firewall.log

Ïîäñêàæèòå, ãóðó!
19-01-2007, 20:47
black_128

Íó ÷òî, ðåáÿòà? Âàøè post-firewall áóäóò çà firewall? :)

Âîò ÷òî ÿ ïðèäóìàë, âåðíî? (Ýýýýõ....íà íåäåëüêó áû âñÿêèõ øâåäîâ è êèòàéöåâ â áàí):

#!/bin/sh
## WEB,SSH and FTP access from WAN
## Set default policy
iptables -P INPUT DROP
## Removes last default rule
iptables -D INPUT -j DROP
## Open FTP,SSH,WWW ports
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 22 -j brute_force
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
## Block SSH brute force attacks
iptables -N brute_force
iptables -F brute_force
iptables -A brute_force -m state --state NEW -m recent --name attack --set
iptables -A brute_force -m recent --name attack --rcheck --seconds 60 --hitcount 4 -m limit --limit 1/minute --limit-burst 1 -j LOG --log-prefix 'SSH brute force attack'
iptables -A brute_force -m recent --name attack --rcheck --seconds 60 --hitcount 4 -j DROP
iptables -A brute_force -j ACCEPT
## Drop other IPs
iptables -A INPUT -j DROP
#Test for post-firewall.log
echo "post-firewall running...">/var/log/post-firewall.log
23-01-2007, 05:58
vaspupkin

Wl500gp ñêàí ïîðòîâ.

Óâàæàåìûå ïîëüçîðâàòåëè WL500GP,
îáðàòèë âíèìàíèå, ÷òî ñèñòåìàòè÷åñêè ñ ðàçíûõ àäðåñîâ ïðîâîäÿò ñêàíèðîâàíèå ïîðòîâ. Íàïðèìåð èç ïîñëåäíåãî ëîãà

Code:

syslog.log Jan 22 22:26:31 dropbear[328]: Child connection from ::ffff:203.127.35.164:56647 Jan 22 22:26:35 dropbear[328]: bad password attempt for 'admin' from ::ffff:203.127.35.164:56647 Jan 22 22:26:36 dropbear[328]: exit before auth (user 'admin', 1 fails): Disconnect received Jan 22 22:26:37 dropbear[329]: Child connection from ::ffff:203.127.35.164:56802 Jan 22 22:26:40 dropbear[329]: bad password attempt for 'admin' from ::ffff:203.127.35.164:56802 Jan 22 22:26:41 dropbear[329]: exit before auth (user 'admin', 1 fails): Disconnect received Jan 22 22:26:41 dropbear[330]: Child connection from ::ffff:203.127.35.164:56886 Jan 22 22:26:45 dropbear[330]: login attempt for nonexistent user from ::ffff:203.127.35.164:56886

Äëÿ áëîêèðîâêè èñïîëüçóþ îïèñàííóþ çäåñü ïðîöåäóðó áëîêèðîâàíèÿ IP-àäðåñîâ ñ ðó÷íûì çàíåñåíèåì èõ â ôàéë block.ip
À âîò êàê áû àâòîìàòèçèðîâàòü äàííóþ ïðîöåäóðó? Ñëàá ÿ â ëþíèêñîèäíûõ ñêðèïòàõ :(
23-01-2007, 08:26
SergeyVl

Quote:

Originally Posted by vaspupkin

Óâàæàåìûå ïîëüçîðâàòåëè WL500GP,
îáðàòèë âíèìàíèå, ÷òî ñèñòåìàòè÷åñêè ñ ðàçíûõ àäðåñîâ ïðîâîäÿò ñêàíèðîâàíèå ïîðòîâ. Íàïðèìåð èç ïîñëåäíåãî ëîãà

Code:

syslog.log Jan 22 22:26:31 dropbear[328]: Child connection from ::ffff:203.127.35.164:56647 Jan 22 22:26:35 dropbear[328]: bad password attempt for 'admin' from ::ffff:203.127.35.164:56647 Jan 22 22:26:36 dropbear[328]: exit before auth (user 'admin', 1 fails): Disconnect received Jan 22 22:26:37 dropbear[329]: Child connection from ::ffff:203.127.35.164:56802 Jan 22 22:26:40 dropbear[329]: bad password attempt for 'admin' from ::ffff:203.127.35.164:56802 Jan 22 22:26:41 dropbear[329]: exit before auth (user 'admin', 1 fails): Disconnect received Jan 22 22:26:41 dropbear[330]: Child connection from ::ffff:203.127.35.164:56886 Jan 22 22:26:45 dropbear[330]: login attempt for nonexistent user from ::ffff:203.127.35.164:56886

Äëÿ áëîêèðîâêè èñïîëüçóþ îïèñàííóþ çäåñü ïðîöåäóðó áëîêèðîâàíèÿ IP-àäðåñîâ ñ ðó÷íûì çàíåñåíèåì èõ â ôàéë block.ip
À âîò êàê áû àâòîìàòèçèðîâàòü äàííóþ ïðîöåäóðó? Ñëàá ÿ â ëþíèêñîèäíûõ ñêðèïòàõ :(

Ýòî íå ñêàíèðîâàíèå ïîðòîâ, à ïîïûòêà ïîäêëþ÷èòüñÿ ÷åðåç SSH.
Ïî÷èòàéòå http://wl500g.info/showthread.php?t=8015
23-01-2007, 09:05
vaspupkin

×èòàë âíèìàòåëüíî, äåëàë... íå ïîëó÷èëîñü
Â post-boot âñòàâèë

Code:

insmod ipt_recent

Â post-firewall âñòàâëÿë îïèñàííûå ñòðîêè

Code:

iptables -t nat -I PREROUTING -i $WAN -p tcp -m state --state NEW --dport 22 -m recent --set --name SSH_ATTACKER --rsource iptables -I INPUT -i $WAN -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 600 --hitcount 3 --name SSH_ATTACKER --rsource -j DROP

ãäå âìåñòî $WAN ïîäñòàâëÿë $1; $3
Âñå ðàâíî íå âûõîäèò êàìåííûé öâåòîê.

Ìîæåò ÿ ïðîñòî çàáëóäèëñÿ â ñâîåì fire-wall, íå êîðîòêèé îí ó ìåíÿ :)
Ãëÿíüòå, êàê ïîïðàâèòü, åñëè íå òðóäíî

Code:

#!/bin/sh # set default policy iptables -P INPUT DROP # remove last default rule iptables -D INPUT -j DROP # Block ICQ iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.25.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 61.12.51.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.161.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.164.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 61.12.174.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.200.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.202.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 152.163.159.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 152.163.208.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.7.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.8.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.9.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.153.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.157.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.165.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.179.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.248.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.251.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.253.0/24 -j DROP # Block Rambler ICQ iptables -I FORWARD -s 192.168.2.0/24 -d 204.15.10.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.64.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.65.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.66.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.69.0/24 -j DROP iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.70.0/24 -j DROP # ACCEPT rules SSH, Telnet, FTP, WEB (Port 80) iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 23 -j ACCEPT iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -A INPUT -p tcp --dport 8080 -j ACCEPT iptables -A INPUT -p tcp --dport 3389 -j ACCEPT # PREROUTING rules SSH, Telnet, FTP, WEB iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 23 -j DNAT --to-destination $4:23 iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21 iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 80 -j DNAT --to-destination $4:80 iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 8080 -j DNAT --to-destination $4:8080 iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 3389 -j DNAT --to-destination $4:3389 # Drop all other connections iptables -A INPUT -j DROP # Block IPs /usr/local/sbin/blockIPs # CORBINA ROUTING # Local network: /sbin/route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.190.0.17 # Corbina.ru, help.corbina.ru, home.corbina.ru /sbin/route add -net 85.21.29.242 netmask 255.255.255.255 gw 10.190.0.17 # Stat.corbina.ru /sbin/route add -net 195.14.50.26 netmask 255.255.255.255 gw 10.190.0.17 # Mail Server /sbin/route add -net 195.14.50.16 netmask 255.255.255.255 gw 10.190.0.17 # Local resources /sbin/route add -net 85.21.79.0 netmask 255.255.255.0 gw 10.190.0.17 /sbin/route add -net 85.21.90.0 netmask 255.255.255.0 gw 10.190.0.17 # Corbina.TV: /sbin/route add -net 85.21.52.254 netmask 255.255.255.255 gw 10.190.0.17 /sbin/route add -net 85.21.88.130 netmask 255.255.255.255 gw 10.190.0.17 /sbin/route add -net 83.102.146.96 netmask 255.255.255.224 gw 10.190.0.17 /sbin/route add -net 85.21.138.210 netmask 255.255.255.255 gw 10.190.0.17 /sbin/route add -net 85.21.138.214 netmask 255.255.255.255 gw 10.190.0.17

Âñå ïîëó÷èëîñü, âñåì ñïàñèáî. Â êîíåö fire-wall äîáàâèë ñëåäóþùèé êîä ñ óêàçàíèåì êîíêðåòíî "ppp0"

Code:

iptables -t nat -I PREROUTING -i ppp0 -p tcp -m state --state NEW --dport 22 -m recent --set --name SSH_ATTACKER --rsource iptables -I INPUT -i ppp0 -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 60 --hitcount 3 --name SSH_ATTACKER --rsource -j DROP
16-04-2007, 07:14
al37919

êàê çàáàíèòü IP-àäðåñ ïîñëå íåñêîëüêèõ íåóñïåøíûõ ïîïûòîê ssh-ëîãèíà?

â ñèñëîãå íàáëþäàþ, ÷òî êàêîé-òî çëîáíûé àâòîìàò ëîìèòñÿ íà ìîé dropbear.

Quote:

Apr 16 00:22:07 dropbear[22309]: Child connection from ::ffff:164.100.167.22:5778
Apr 16 00:22:08 dropbear[22309]: exit before auth: Exited normally
Apr 16 00:24:30 dropbear[22598]: Child connection from ::ffff:164.100.167.22:30896
Apr 16 00:24:34 dropbear[22598]: login attempt for nonexistent user from ::ffff:164.100.167.22:30896
Apr 16 00:24:35 dropbear[22598]: exit before auth: Disconnect received
Apr 16 00:24:35 dropbear[22609]: Child connection from ::ffff:164.100.167.22:31108
Apr 16 00:24:38 dropbear[22609]: login attempt for nonexistent user from ::ffff:164.100.167.22:31108
Apr 16 00:24:39 dropbear[22609]: exit before auth: Disconnect received

Äàëåå ïðîäîëæàåòñÿ òî æå ñàìîå â òå÷åíèå 15 ìèí. Ïðèìåðíî êàæäûå ÷åòûðå ñåêóíäû íîâàÿ ïîïûòêà. Èòîãî ïîëó÷àåòñÿ ãäå-òî çà 200 ïîïûòîê. Ìíå ýòî íå íðàâèòñÿ.

Ìîæíî ëè ñäåëàòü ñëåäóþùåå (è êàê):
1) çàïðåò ñîåäèíåíèÿ ñ IP-àäðåñà ïîñëå òðåõ-ïÿòè íåóñïåøíûõ ïîïûòîê çàëîãèíèòüñÿ.

2) äðóãîé âàðèàíò ïîñëå íåóäà÷íîé ïîïûòêè ëîãèíà --- ïàóçà, ñêàæåì, 1 ìèíóòà

3) êàê çàäàòü êàêîé þçåð ìîæåò ëîãèíèòüñÿ ÷åðåç ssh è êàêîé íåò. Õî÷ó çàïðåòèòü ëîãèí äëÿ root

ÎÊ, ïîñëåäíåå óæå íàøåë : dropbear -w
16-04-2007, 09:47
Oleg

Äóìàþ, ÷òî íóæíî íàïèñàòü ñêðèïò, êîòîðûé áóäåò ïàðñèòü ëîã è äîáàâëÿòü ïðàâèëà â iptables.
16-04-2007, 09:55
Duke

Òóò óæå îáñóæäàëîñü. Ìîæíî ñðåäñòâàìè iptables ñäåëàòü âðåìåííóþ áëîêèðîâêó. Åñëè íå ïîäõîäèò - äëÿ ðàçáîðàëîãà ñêðèïò ìîãó âûëîæèòü.
16-04-2007, 10:09
ATDT

ÈÌÕÎ ïðîùå è ýôôåêòèâíåå ïîðò äðîïáèðà ïîìåíÿòü - íèêòî íå ëîìèòñÿ è â ëîãàõ ÷èñòî.
16-04-2007, 10:45
al37919

Ñïàñèáî çà îòâåòû,

2ATDT --- íó, ýòî íå ðåøåíèå, à ïðÿìî óõîä êàêîé-òî îò ïðîáëåìû. Íå ñïîðòèâíî. :) Çàòî, ïðàâäà, ïóòü ñàìûé ïðîñòîé.

2Duke --- áûëî áû ëþáîïûòíî âçãëÿíóòü.
16-04-2007, 10:55
wod

Âàðèàíò îò macsat:

This can be avioded by installing the ipt_recent module for iptables, and changing the firewall rules accordingly.
The method includes allowing only X number of connections to port 22 from the same IP in a period of YY seconds.
The ipt_recent module is in the iptables-mod-extra package, install this by:
ipkg install iptables-mod-extra
In this example of the setup, we will allow a maximum of 3 connections to port 22 from each IP within a 120 seconds timeframe. Also we will make a log-entry in the syslog for each blocked request to port 22. This means that we need to load both the ipt_recent and the ipt_LOG modules, and use them in our firewall.user script.
To load the modules at starup do this:
echo "ipt_recent" >> /etc/modules echo "ipt_LOG" >> /etc/modules
Now you can either reboot your router, or issue the following commands to load the modules now :
insmod ipt_recent insmod ipt_LOG
To create the firewall rules, you need to replace this like in your firewall.user script :
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT

With the following three lines:
iptables -t filter -A input_rule -i $WAN -p TCP --dport 22 -m recent --name SSH --rcheck --hitcount 3 --seconds 120 -j LOG --log-prefix "SSH_BRUTE "
iptables -t filter -A input_rule -i $WAN -p TCP --dport 22 -m recent --name SSH --update --hitcount 3 --seconds 120 -j DROP
iptables -t filter -A input_rule -i $WAN -p TCP --dport 22 -m recent --name SSH --set -j ACCEPT

Now after reloading the /etc/firewall.user script - or rebooting the router, it is only possible to make 3 requests every 120 seconds from the same ip to port 22 of the WAN device of your router.
You will still see log entries like the above, but only in blocks of three requests every two minutes. This will render brute force attacks non-useable for thoose petty hackers.
Blocked attempts will show in the syslog with the prefix : "SSH_BRUTE" and you can see thoose by issuing:
logread |grep "SSH_BRUTE"
16-04-2007, 11:20
al37919

wod, îãðîìíîå ñïàñèáî --- âûãëÿäèò îòëè÷íî. Áóäåì ïðîáîâàòü.
16-04-2007, 11:24
Duke

Quote:

Originally Posted by al37919

2Duke --- áûëî áû ëþáîïûòíî âçãëÿíóòü.

Ýòî çàïóñêàåòñÿ ïî êðîíó

Code:

#!/bin/sh logfile=/tmp/syslog.log banfile=/opt/fw-deny-ssh for i in `awk '/dropbear.?*nonexistent/ { split($11,addr,/:/); cur=addr[4]; if(cur != prev) ban[n++]=cur; prev=cur } END { for(i=0; i in ban; i++) print ban[i] }' $logfile` do grep "$i" $banfile -q || ( banned="NOT banned" iptables -I INPUT -p tcp -s $i --dport 22 -j DROP && echo $i>>$banfile && banned="banned" sendmail "Intrusion alert!" "Unsuccessfull SSH connection attempt from $i detected - $banned" ) done

È äî êó÷è â post-firewall äîáàâëåíî

Code:

#SSH deny for i in `cat /opt/fw-deny-ssh` do iptables -I INPUT -p tcp -s $i --dport 22 -j DROP done

ÍÎ! Òàáëèöû iptables óâåëè÷èâàþòñÿ, ñëåäîâàòåëüíî è ïðîèçâîäèòåëüíîñòü ðîóòåðà íàñêîëüêî ïàäàåò.
16-04-2007, 14:40
imdex

Âîò òóò äîâîëüíî ïîäðîáíî îáñóæäàëîñü óæå.
01-01-2009, 16:35
rutony

Çàùèòà ðîóòåðà

Code:

an 1 16:24:47 vsftpd[985]: [christina] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:24:49 vsftpd[985]: [christina] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:24:50 vsftpd[985]: [christina] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:24:52 vsftpd[996]: CONNECT: Client "209.203.14.50" Jan 1 16:24:53 vsftpd[995]: [christine] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:24:55 vsftpd[995]: [christine] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:24:56 vsftpd[995]: [christine] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:24:58 vsftpd[1000]: CONNECT: Client "209.203.14.50" Jan 1 16:24:58 vsftpd[999]: [christopher] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:00 vsftpd[999]: [christopher] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:01 vsftpd[999]: [christopher] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:03 vsftpd[1002]: CONNECT: Client "209.203.14.50" Jan 1 16:25:03 vsftpd[1001]: [christy] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:05 vsftpd[1001]: [christy] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:06 vsftpd[1001]: [christy] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:09 vsftpd[1007]: CONNECT: Client "209.203.14.50" Jan 1 16:25:09 vsftpd[1006]: [chuck] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:11 vsftpd[1006]: [chuck] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:13 vsftpd[1006]: [chuck] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:14 vsftpd[1010]: CONNECT: Client "209.203.14.50" Jan 1 16:25:15 vsftpd[1009]: [cindy] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:16 vsftpd[1009]: [cindy] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:18 vsftpd[1009]: [cindy] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:19 vsftpd[1014]: CONNECT: Client "209.203.14.50" Jan 1 16:25:20 vsftpd[1013]: [claire] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:22 vsftpd[1013]: [claire] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:24 vsftpd[1013]: [claire] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:25 vsftpd[1017]: CONNECT: Client "209.203.14.50" Jan 1 16:25:26 vsftpd[1016]: [clarence] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:28 vsftpd[1016]: [clarence] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:29 vsftpd[1016]: [clarence] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:31 vsftpd[1020]: CONNECT: Client "209.203.14.50" Jan 1 16:25:31 vsftpd[1019]: [clarissa] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:33 vsftpd[1019]: [clarissa] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:34 vsftpd[1019]: [clarissa] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:36 vsftpd[1023]: CONNECT: Client "209.203.14.50" Jan 1 16:25:37 vsftpd[1022]: [clark] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:38 vsftpd[1022]: [clark] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:40 vsftpd[1022]: [clark] FAIL LOGIN: Client "209.203.14.50" Jan 1 16:25:41 vsftpd[1025]: CONNECT: Client "209.203.14.50" Jan 1 16:25:42 vsftpd[1024]: [claudia] FAIL LOGIN: Client "209.203.14.50"

êàê ÿ ïîíèìàþ, ñóäÿ ïî ëîãó ïûòàþòñÿ ïîäîáðàòü ïàðîëü ê ðîóòåðó, â ÷àñòíîñòè ê ôòï

ñîîáñòâåííî âîçíèêàåò âîïðîñ, êàê ìàêñèìàëüíî îáåçîïàñèòü,
1. êàê ïîìåíÿòü ïàðîëè äëÿ ê telnet, ssh?
2. êàêèå ïðàâèëà ïðîïèñàòü â iptables, îò íàçîéëèâûõ áðóòôîðñåðîâ?

Show 40 post(s) from this thread on one page