From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 17 Oct 2007 17:05:00 +0400
From: Timur Batyrshin
To: sysadmins@lists.altlinux.org
Message-ID: <20071017170500.39b79559@batyrshin.ieml.ru>
References: <20071010093734.42b1874d@batyrshin.ieml.ru>
Organization: IEML
X-Mailer: Claws Mail 2.10.0cvs158 (GTK+ 2.10.6; i586-alt-linux-gnu)
Subject: Re: [Sysadmins] IDS lists
List-Id: ALT Linux sysadmin discuss
X-List-Received-Date: Wed, 17 Oct 2007 13:05:12 -0000

Vladimir V. Kamarzin (Wed, 10 Oct 2007 12:23:14 +0600):

> TB> Is there anything ready-made out there along these lines:
> TB> the firewall logs dropped packets, and on the basis of that a decision
> TB> is made to block certain addresses. For example, if some Chinese host is
> TB> diligently brute-forcing ssh passwords, or is hammering port 135 across
> TB> the network (which means there is almost certainly a spamming trojan on
> TB> it), then it could be filtered from access to the server entirely, if
> TB> not its whole network then at least its address (or some kind of mirror
> TB> could be set up for it). Something like this exists in the Windows
> TB> Kaspersky -- "Block the attacker's network".
> 
> An example of ssh blocking from asy@:
> 
> # cat /etc/net/ifaces/top/fw/iptables/filter/INPUT
> [...]
> # ssh restriction
> -p TCP --syn --dport 22 -s xxx.xxx.xxx.0/28 -j ACCEPT
> -p TCP --syn --dport 22 -m recent --name ssh_rate_limit --set
> -p TCP --syn --dport 22 -m recent --name ssh_rate_limit --update --seconds 60 --hitcount 4 -j LOG
> -p TCP --syn --dport 22 -m recent --name ssh_rate_limit --update --seconds 60 --hitcount 4 -j DROP

And in the last case, wouldn't --rcheck be better than --update? Otherwise each syn will be counted twice.
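The difference the reply is asking about, as an added example that is not part of this thread and not asy@'s ruleset: a small Python model of the `-m recent` list that runs constructed SYNs through the four quoted rules once with `--update` (as quoted) and once with `--rcheck`. The semantics are a simplified reading of the xt_recent module (`--set` records a timestamp, `--rcheck` only checks the window, `--update` checks and on a match records another timestamp); the 192.0.2.0/28 admin network and the 198.51.100.7 source are constructed stand-ins for the masked addresses in the message.

```python
"""Toy model of the xt_recent ("-m recent") list behind the quoted ssh
rate-limit rules. Assumed, simplified semantics: --set records a timestamp
for the source; --rcheck matches when the source already has at least
--hitcount stamps inside the last --seconds and records nothing; --update
matches the same way but, on a match, records one more stamp. The kernel's
stamp cap and jiffies granularity are only approximated."""

import ipaddress
from collections import defaultdict

# Constructed stand-in for the xxx.xxx.xxx.0/28 network in the ACCEPT rule.
ADMIN_NET = ipaddress.ip_network("192.0.2.0/28")
WINDOW = 60     # --seconds 60
HITCOUNT = 4    # --hitcount 4
STAMP_CAP = 20  # xt_recent keeps a bounded per-address history (assumed 20)


class RecentList:
    """One named list (--name ssh_rate_limit): source address -> timestamps."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def _record(self, src, now):
        s = self.stamps[src]
        s.append(now)
        if len(s) > STAMP_CAP:
            del s[0]  # the oldest stamp is overwritten

    def set(self, src, now):
        self._record(src, now)
        return True

    def rcheck(self, src, now, seconds, hitcount):
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        return hits >= hitcount

    def update(self, src, now, seconds, hitcount):
        matched = self.rcheck(src, now, seconds, hitcount)
        if matched:
            self._record(src, now)  # the extra stamp the reply is asking about
        return matched

    def total_stamps(self, src):
        return len(self.stamps.get(src, []))


def run_chain(syns, check="update"):
    """Push (time, source) SYNs through the quoted INPUT rules and return the
    per-packet verdict plus the number of stamps recorded per source.
    `check` is the match used by the LOG and DROP rules: "update" as quoted
    or "rcheck" as proposed in the reply. LOG is non-terminating, so the
    packet always reaches the DROP rule."""
    rl = RecentList()
    verdicts = []
    for now, src in syns:
        if ipaddress.ip_address(src) in ADMIN_NET:   # -s xxx.xxx.xxx.0/28 -j ACCEPT
            verdicts.append("ACCEPT")
            continue
        rl.set(src, now)                              # --set (always matches)
        chk = getattr(rl, check)
        chk(src, now, WINDOW, HITCOUNT)               # ... -j LOG
        dropped = chk(src, now, WINDOW, HITCOUNT)     # ... -j DROP
        verdicts.append("DROP" if dropped else "CONTINUE")
    return verdicts, {s: rl.total_stamps(s) for s in rl.stamps}


# Constructed sample: six SYNs one second apart from one outside host, then
# one SYN from the admin network.
SAMPLE_SYNS = [(t, "198.51.100.7") for t in range(6)] + [(6, "192.0.2.5")]

if __name__ == "__main__":
    for mode in ("update", "rcheck"):
        verdicts, counts = run_chain(SAMPLE_SYNS, mode)
        print(mode, verdicts, counts)
```

Both variants block the outside host from its fourth SYN onward, but with `--update` every SYN past the threshold is recorded three times (once by `--set`, once by each matching `--update` rule), so the history fills with duplicates of the same packet; with `--rcheck` only `--set` writes to the list and each SYN is counted once.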