
SSH brute force attacks

I know there are a few of you out there that admin linux boxes either for hobby or work, so I thought I’d pass this along…

If you pay any attention to your syslogs at all (which you should), you’ll already know this, but in the last year or so, the occurrence of SSH brute force attacks has gone up significantly. For the non-geek (a.k.a. people who have lives), SSH is a way of gaining access to a server remotely. For instance, the server I rent is actually in San Diego - so when I need to change something, I can’t just waltz up to it, turn the monitor on, and make the change. I have to run a program on my laptop called an SSH client which I use to connect over the internet to my server. Once the connection is made, all communications between the server and client are encrypted.

Now - what’s this brute force you speak of? I’ll explain. There are many people around the world whose goal in life is to create as much mischief as possible - on the internet, this mischief often comes in the form of hacking attempts. Brute force attacks are a type of “hacking”. Basically, when someone launches a brute-force SSH attack, they try an arbitrary list of common usernames in combination with weak passwords. In server logs, it’s brutally obvious when an attack like this happens. See this for an example of what these attacks look like in the server logs. You can see that they’re just trying random usernames. 99% of the time, these attacks fail, fortunately, but every once in a while, they succeed in breaking into your system. Once that happens, they usually take over your server and use it for sending spam, viruses, etc. Not good - the end result after you discover you’ve been had is a server re-installation.

There are many ways to thwart these attacks - running sshd on a non-standard port, disabling password auth, implementing port knocking, etc. None of these options are acceptable for someone in my position, though, who has several (non-technical) users who need remote access into the machine to update websites, check email, and so on.

Enter DenyHosts. It’s a fairly simple python script written by a guy named Phil Schwartz. Put simply, DenyHosts runs periodically on the server, reading through the system logs. If it detects a brute-force attack, it adds the offending computer’s IP address to the /etc/hosts.deny file. This effectively cuts off all access to the server from that computer. Problem solved. Oh, and it can also email me when it detects an attack.
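To make the DenyHosts idea concrete, here is a stripped-down version of that log-scanning loop, added here as an example (it is not DenyHosts’ own code). It assumes the standard sshd “Failed password for …” syslog format and the TCP-wrappers hosts.deny syntax, runs over a constructed sample log, and only renders the deny lines rather than writing the file.

```python
import re
from collections import Counter, defaultdict

# sshd's failed-password line as it appears in syslog/auth.log, with or
# without the "invalid user" marker that means the account does not exist.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log (not real traffic): 203.0.113.45 cycles through
# common usernames; 198.51.100.7 is a legitimate user who mistyped once.
SAMPLE_LOG = """\
Oct 12 03:14:07 myhost sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Oct 12 03:14:09 myhost sshd[2231]: Failed password for invalid user oracle from 203.0.113.45 port 51240 ssh2
Oct 12 03:14:11 myhost sshd[2233]: Failed password for root from 203.0.113.45 port 51250 ssh2
Oct 12 03:14:12 myhost sshd[2235]: Failed password for invalid user test from 203.0.113.45 port 51260 ssh2
Oct 12 03:14:15 myhost sshd[2237]: Failed password for invalid user guest from 203.0.113.45 port 51270 ssh2
Oct 12 03:20:41 myhost sshd[2301]: Failed password for bob from 198.51.100.7 port 40222 ssh2
Oct 12 03:20:50 myhost sshd[2301]: Accepted password for bob from 198.51.100.7 port 40222 ssh2
"""


def count_failures(lines):
    """Return ({ip: failed attempts}, {ip: set of usernames tried})."""
    attempts, users = Counter(), defaultdict(set)
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            attempts[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return attempts, users


def offending_hosts(lines, threshold=5, allowlist=()):
    """IPs with at least `threshold` failures, minus addresses you never
    want to block (e.g. your own), so a typo can't lock the admin out."""
    attempts, _ = count_failures(lines)
    return {ip for ip, n in attempts.items() if n >= threshold and ip not in allowlist}


def hosts_deny_entries(ips):
    """Render the TCP-wrappers lines to append to /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in sorted(ips)]


if __name__ == "__main__":
    bad = offending_hosts(SAMPLE_LOG.splitlines(), allowlist={"198.51.100.7"})
    print("\n".join(hosts_deny_entries(bad)))  # prints "sshd: 203.0.113.45"
```

The threshold and the allowlist are the two knobs worth thinking about: too low a threshold blocks users who fat-finger a password, and a missing allowlist can lock out the admin.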

I was actually about mid-way through the process of writing a perl script to do just this when I stumbled upon DenyHosts. I gave it a try, and it worked just as advertised, so I figured it wasn’t worth re-inventing the wheel. That’s why I love open-source software. For the great majority of problems, there’s an open-source app that will get you ninety percent of the way to solving your problem, just requiring a bit of tweaking to bring the solution to completion.

So anyway - if you run a publicly-accessible *nix box w/ SSH available, I’d highly recommend you give DenyHosts a try. It really sets your mind at ease - not having to worry that some script kiddie is going to own your box.

EVDO update

I received the EVDO card today from Sprint, and I’ve been working (over VPN) on it for the last hour or so. I’m quite impressed. The bandwidth I’m seeing matches right up with what I expected - 500-650 down and 80-100 up. Not bad. Makes working from the ‘bou all the less frustrating :-)

Sprint EVDO

Sprint’s slowly rolling out their high-speed EVDO service in the area. Currently, they only have EVDO turned on in the central metro corridor, but it sounds like they’ll have the whole metro area lit up by the end of Q1, ‘06. I ordered one of their EVDO pcmcia cards today, and am very excited to see how it performs. Currently at work, we have 2 of the 1xRTT data cards, which work well, but are *very* slow. Word on the street is that the new EVDO cards are getting about 700kbit sustained, burstable to 2mbit. It would be pretty incredible if that were true. That’s more than enough to stream internet radio while in the car :-). Sure, the latency will still be quite bad (probably not quick enough for gaming), but it’s not too hard to deal w/ that for normal day-to-day work.

Sheehan arrested

I just read that Cindy Sheehan, the de-facto figurehead of the American anti-war movement, was arrested during a protest at the White House.

While I truly do appreciate the fervor with which she and many others have voiced their opposition to the war in Iraq during the past months and years, I have to say, they (protesters in general) lose a ton of credibility in my book when they cross the line and start breaking laws. Yes - there will be the nay-sayers that will claim that she was unjustly arrested just to get rid of her for a few hours, but if you ask me, obstructing traffic along the sidewalk in front of the White House is nothing to take lightly, and if the news reports are accurate, she and the others did deserve to get arrested.

Creepy iTunes Randomness

Preface: one of Apple’s selling points for the new v5 iTunes is a more “intelligent” shuffle algorithm.

Story: I’m sitting here innocently listening to some tunes in Party Shuffle mode and I hear this segue.

That’s Moby’s “Guitar, Flute, and String” into Chris Rice’s arrangement of “For the Beauty of the Earth”. Yes, the two aren’t in the same key, but that’s about as good as it gets for a semi-random machine-generated segue, huh?

Just thought I’d share.