[nos-bbs] JNOS with public telnet

Michael Fox - N6MEF n6mef at mefox.org
Wed Jun 1 12:49:57 EDT 2011

What is the experience out there with allowing public telnet access to JNOS?
And, if you do allow it on your machine, what security measures have you


Some background:  

On my Linux machine, I have iptables rules to avoid SYN attacks and rules to
avoid more than X number of connections from a given host within Y amount of
time.  These apply to connections to linux as well as connections forwarded
across the tunnel to JNOS.  This puts a damper on brute force attacks such
as dictionary attacks.  


However, linux is also running DenyHosts which is set to disallow (forever)
connections from machines that have more than X failed login attempts in a
row.  This pretty much kills dictionary attacks except if they come from
multiple machines.  Every day, I record at least one (sometimes two or
three) machines that have been added to the denyhosts file.  So I know for
sure that there is a constant flow of attack.


Since something like DenyHosts is not available at the JNOS level, the
iptables rules can slow down, but not completely stop brute force attacks
from a given host.  So, I'm wondering if anyone with public telnet access
has any other tricks up their sleeve for helping to secure JNOS.
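The kind of iptables setup described in this post (a SYN damper plus "no more than X connections from one host in Y seconds", applied both to Linux itself and to traffic forwarded to JNOS), written out as an added example; this is not the poster's actual ruleset. It assumes iptables with the `limit` and `recent` matches, a dedicated chain name (JNOS_TELNET) and placeholder port/limit values.

```shell
#!/bin/sh
# Added example (not from the original post): damp brute-force telnet logins
# to JNOS with iptables. A dedicated chain holds (a) a per-source counter via
# the `recent` match: at most MAX new connections per WINDOW seconds, and
# (b) a global SYN token bucket via the `limit` match. Both INPUT (Linux
# itself) and FORWARD (traffic tunnelled on to JNOS) jump to that chain.
# Assumptions: chain name JNOS_TELNET and the numbers below are placeholders.

IPT="${IPT:-iptables}"   # set IPT=echo to print the rules instead of applying

# jnos_telnet_rules PORT MAX WINDOW
# Emits one rule per line through $IPT; returns 1 on out-of-range arguments.
jnos_telnet_rules() {
    port=$1; max=$2; win=$3
    # xt_recent keeps ip_pkt_list_tot (default 20) timestamps per address, so
    # --hitcount above that would never match.
    [ "$max" -gt 0 ] && [ "$max" -le 20 ] || return 1
    [ "$win" -gt 0 ] || return 1

    $IPT -N JNOS_TELNET
    # Per-source: if this address already has MAX hits within WINDOW seconds,
    # drop the new SYN (and refresh its timestamp); otherwise record it.
    $IPT -A JNOS_TELNET -m recent --name jnos_telnet \
        --update --seconds "$win" --hitcount "$max" -j DROP
    $IPT -A JNOS_TELNET -m recent --name jnos_telnet --set
    # Global SYN damper: accept at most 10 new connections/s (burst 20),
    # drop the excess regardless of source.
    $IPT -A JNOS_TELNET -m limit --limit 10/s --limit-burst 20 -j ACCEPT
    $IPT -A JNOS_TELNET -j DROP

    # Only new-connection SYNs to the telnet port are sent to the chain.
    for chain in INPUT FORWARD; do
        $IPT -A "$chain" -p tcp --dport "$port" --syn -j JNOS_TELNET
    done
}

# Stand-alone use: print the rules for review; JNOS_APPLY=1 applies them.
if [ "${JNOS_APPLY:-0}" != 1 ]; then IPT=echo; fi
jnos_telnet_rules "${JNOS_PORT:-23}" "${JNOS_MAX:-5}" "${JNOS_WINDOW:-60}"
```

Established connections are unaffected because only `--syn` packets enter the chain; a legitimate user who trips the per-source limit simply has to wait WINDOW seconds.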
