Topic: Linux

After a very extended absence, I have finally returned. There have been no updates to the site since before March because I have been caught up with real life. For the record, I am in the Army Reserve and I needed to attend training for my specific Miltary Occupational Specialty. It took a long time and during that time, I was not able to make any specific updates to the site. My impending absence was the original reason that I moved all my web sites and other items to a dedicated hosting provider rather than continue to host them from my location.

The Web Server has been moved to a new hosting provider.

This article is basically a follow-up to the last article where I mentioned how to configure Shorewall to limit the number of connections per IP to SSH in order to restrict Brute-Force attempts against SSH. This article will provide a howto for setting up a generic per-IP rate limit that can be reused for multiple ports, services and connections with different limits depending on how you configure the rules. This would allow you to, for example, setup SSH with a 3 connection per IP each minute limit, and also setup FTP with 4 connections per IP per minute to help guard against brute force attacks directed at an FTP server as well.

A new netfilter called recent has been added to IPTables and newer versions of Shorewall can actually use this netfilter for varied functionality. This article will basically talk about how to use this netfilter to protect against Brute Force attacks against SSH which is a current issue as Linux gets more popular. While SSH itself is fairly secure against most of these scripted attacks, they are still fairly annoying for most admins who monitor systems because they take up space in the log files and all the extra "noise" can possibly be used to mask a successful attempt to compromise a system.

At any rate, it is possible to restrict the number of attempts that each IP gets to connect on particular ports. While this could also be used to build a DOS protection scheme, it is particularly useful in protecting against unrestricted Brute Force attacks against SSH. Now, on to the details:

Desktop Linux highlights a story from an author who moved his elderly mother and father from Windows to Linux. "The author explains how he moved his elderly parents from a problematic Windows XP desktop system to Mandriva PowerPack 10, leaving spyware, viruses, slow performance, and myriad other problems behind."