router security
NoOp
glgxg at sbcglobal.net
Sun May 24 23:29:05 UTC 2009
On 05/24/2009 12:28 PM, Robert Holtzman wrote:
> On Fri, 22 May 2009, NoOp wrote:
>
> .........snip........
>
>> I don't disagree w/dual nics (I actually connect my wireless router
>> (different subnet) to a wired router with a considerably stronger
>> built-in firewall). However I wonder if the Elcomsoft approach is really
>> anything new (other than the fact that they can now use gpu's to speed
>> up the attacks). The 'auditing' software performs brute force password
>> attacks; wouldn't fail2ban and denyhosts and iptables suffice to block
>> such attacks to begin with?
>
> Would denyhosts be useful if there is no sshd server? No flames about
> not using one. Until now I never considered using it.
>
Actually, even if you do not have sshd enabled, I think that denyhosts
will help in the event your router firewall is hacked. It will ban IP's
that are making ssh attack attempts on your system. That in combination
with fail2ban should cover most brute force attempts.
For example, I have a system that I maintain for a relative. They have
no firewall or NAT router w/firewall, just a simple dsl modem. With
those two utilities installed I can easily see that a considerable
amount of IP's are ban'ed on a regular basis. Either way, adding them
won't hurt.
Note: neither will help at the router; you'll need to use your router
firewall services (if any) to block as best you can there. Specifically
which routers do you use?
More information about the ubuntu-users
mailing list