How to block some ip / domain, if I found they were trying illegally ssh to my machine?...
- 08-29-2005 #1 Just Joined!
- Join Date
- Aug 2005
- Posts
- 40
block some ip -illegal try by ssh
How to block some ip / domain, if I found they were trying illegally ssh to my machine?
- 08-29-2005 #2
with route you can
Code:
/sbin/route add -host ip_address reject
Man Route
with iptables you can
Code:
iptables -I INPUT -s ip_address -j DROP
Man Iptables
Brilliant Mediocrity - Making Failure Look Good
- 08-29-2005 #3 Just Joined!
- Join Date
- Aug 2005
- Posts
- 40
1. Thanks, it works.
2. How to restrict
a) some users using ssh login
b) some users using telnet login
c) block other services except dns, ftp, www, ssh - They are for temporary use. After I go through the details, I will configure them for my purpose. I want to do something at this moment.
3. Drop me some links for iptables you recommend.
- 08-29-2005 #4 Linux Enthusiast
- Join Date
- Aug 2005
- Location
- Hell
- Posts
- 514
Perhaps use the "DenyUsers" option in your /etc/ssh/sshd_config (see "man sshd_config")?
Originally Posted by sf433
Also as a side note, if someone hacked into your computer, perhaps you should run the chkrootkit and rkhunter programs to check for rootkits.
- 08-29-2005 #5 Linux Newbie
- Join Date
- Aug 2005
- Posts
- 213
hi, just wanted to ask a quick question here.....
how will i come to know that someone is hooked to my pc or is trying to hook using ssh / telnet ?
Cool Surfer - Registered linux user #397629
- 08-29-2005 #6
You can always check your access logs, which will list every attempt to login through ssh or telnet...
If you have sshd running, I would probably disable telnet and close that port on your router...
Join the Open Source Revolution. Support GNU/Linux.
Find me at: www.deeksworld.com
Registered GNU/Linux User #395777
- 08-29-2005 #7 Linux Newbie
- Join Date
- Aug 2005
- Posts
- 213
Any visual firewall thing ??!! like in windows zone alarm etc.
Cool Surfer - Registered linux user #397629
- 08-29-2005 #8
Another option is tcp wrappers. If you're launching sshd via the inetd server, you can modify allowed / blocked networks using /etc/hosts.allow and /etc/hosts.deny. If you're launching sshd via xinetd I believe each service has its own file (rather than a general file with many entries like inetd uses).
- 08-29-2005 #9
just don't allow root login and 90% of the problem is gone!
Originally Posted by sf433
and in the sshd config file you can allow only certain users to login with ssh
you can also switch authentication to a private 'key' and only the approved users are given that key! instead of using their user password
~Mike ~~~ Forum Rules
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
http://loft306.org
- 08-29-2005 #10
Quote:
how will i come to know that someone is hooked to my pc or is trying to hook using ssh / telnet ?
What distro? As was mentioned, /var/log/messages (for SuSE anyway) contains your SuSEfirewall2 messages along with accepted and failed logins.
You can use
Code:
w
to see who is doing what on your system.
You can use
Code:
netstat -atun
to look at active and listening ports.
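Added example, not part of the original thread: a small shell function that ties together the advice above to check the logs for failed ssh logins (posts #6 and #10) and to drop a source with iptables (post #2). It counts failed sshd password attempts per source address and prints, without running, the matching DROP rule. The function names, the threshold argument and the sample log lines are assumptions made for this illustration; the log layout assumed is the traditional syslog one with OpenSSH's "Failed password for ... from <ip> port <n> ssh2" message.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source address and
# print (not run) the iptables rule from post #2 for repeat offenders.

# ssh_block_rules THRESHOLD < logfile   (hypothetical helper name)
# Prints one "iptables -I INPUT -s <ip> -j DROP" line per IPv4 address with
# at least THRESHOLD failures, sorted by address.
ssh_block_rules() {
    awk -v min="${1:-3}" '
        # Only count lines whose syslog tag is sshd[pid]: (field 5 in the
        # traditional "Mon DD HH:MM:SS host tag: msg" layout).
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
            # The user name is supplied by the client and may contain
            # spaces, so read the address from the END of the line:
            #   ... from <ip> port <n> ssh2
            if ($(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3)
            # Accept only a plain dotted quad so nothing else can reach
            # the printed command line.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print "iptables -I INPUT -s " ip " -j DROP"
        }
    ' | sort
}

# Constructed sample lines (documentation address ranges, not real logs).
sample_log() {
    cat <<'EOF'
Aug 29 03:12:01 box sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Aug 29 03:12:04 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Aug 29 03:12:09 box sshd[2103]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.5 port 40003 ssh2
Aug 29 03:15:30 box sshd[2110]: Failed password for sf433 from 198.51.100.7 port 51000 ssh2
Aug 29 03:16:02 box sshd[2111]: Accepted password for sf433 from 192.0.2.10 port 51010 ssh2
EOF
}

# Stand-alone demo: prints the single rule for 203.0.113.5.
sample_log | ssh_block_rules 3
```

To use it on a real system, redirect the file your distro logs sshd to (post #10 names /var/log/messages for SuSE) into the function, and review the printed rules before applying any of them so you do not lock out an address you use yourself.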


