How to deny suspicious hosts

Hello everyone!
Lately We have been getting ssh errors such as this:
Invalid user tky from 222.73.216.8
fatal: initgroups: NOUSER: No such file or directory
/etc/sshd_config line 74: Unsupported option KerberosGetAFSToken
Invalid user tkz from 222.73.216.8
fatal: initgroups: NOUSER: No such file or directory
/etc/sshd_config line 74: Unsupported option KerberosGetAFSToken
But several 100s of them. We have OSX server 10.5 and from what I understand this has an adaptive firewall. Well it doesn't seem to be doing much. We also have a hosts.allow file with just the ip address that are allowed to connect. That doesn't seem to be stopping these attacks either.
What can I do to prevent these attacks?

Would this be something I could use?
No. This will not stop dictionary attacks against your ssh server. What it could do is be used as a DOS against your directory server. Any Internet facing system that employs a directory backend could easily be used as way to deny service to your internal clients simply by way of overwhelming it with requests. Vulnerabilities in the Pluggable Authentication Module (PAM) could possibly lead to privilege escalation that might be used to take over the box, also.
And if I set up that, does that mean that only those computers which are authenticated to OD are allowed to access ssh?
Yes. Even employing the GSSAPI-with-MIC method of login would limit the ability to login to the server to OD bound clients only.
Does this mean I will not be able to ssh into the server form home?
Yes.
Your best course of action is to employ key-based authentication -denying password authentication and 'root' user logins- by employing a method of blocking password-based attacks such as one of the software solutions posted earlier. Manually adding hosts to the /etc/hosts.deny file will soon become a daily task for you to protect your ssh server.

Similar Messages

  • How to resolve a host name from IP using JNDI/DNS service provider

    Hi
    I got two questions on JNDI/DNS service provider:
    1) How to resolve a host name when i got an IP
    I understand How I do it inverse.
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
    env.put(Context.PROVIDER_URL, "dns://"+server+"/"+domain);
    DirContext ictx = new InitialDirContext(env);
    Attributes attrs1 = ictx.getAttributes(host, new String[] {"A"});
    2) This example above works when I specify the domain in the provider url.
    If I am not specifing a domain but only the dns server I got an NameNotFoundException.
    What should I do if I don't got the domain?
    get the availible domains and loop on them?

    Hi,
    if your DNS server supports that, you can do a reverse DNS lookup. This works as follows:
    String server = "your.dns.server";
    String domain = "in-addr.arpa";
    String ip = "4.3.2.1";
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
    env.put(Context.PROVIDER_URL, "dns://" + server + "/" + domain);
    DirContext ictx = new InitialDirContext(env);
    Attributes attrs1 = ictx.getAttributes(ip, new String[] {"PTR"});1: Use the pseudo-domain in-addr.arpa
    2: Use the reverse IP address for lookup, i.e. if your host has 1.2.3.4, use 4.3.2.1!!
    3: Request the PTR attribute
    see also [http://en.wikipedia.org/wiki/Reverse_DNS_lookup|http://en.wikipedia.org/wiki/Reverse_DNS_lookup]
    Martin

  • How can I set #HOST# variable referenced in the Chart template?

    #HOST# and #HOST_PROTOCOL# are being set incorrectly by APEX from CGI variables when I create a chart. I am using APEX 4.1 and Oracle 11g. The get the continual "Loading data..." and then after it times out I get "Error loading file".
    Before we changed to a secure http environment, our charts worked. After we changed to the new web layer, the charts do not work. The #HOST# substitution was set to http://correctservername/ and #HOST_PROTOCOL# was set to http. We set PlsqlCGIEnvironmentList REQUEST_PROTOCOL=https in the dads configuration file and now the #HOST# displays https but it also includes the default port number which we do not want (https://correctservername:port/) The charts work without the port. REQUEST_PROTOCOL is not in the cgi list and setting this variable set #HOST_PROTOCOL#. What variable can we set to make #HOST# correct. It seems like #HOST# is being set by #REQUEST_PROTOCOL#'://'||HTTP_HOST||':'||SERVER_PORT||SCRIPT_NAME||'/'. SERVER_NAME could also be used in of HTTP_HOST. I don't know how APEX is setting #HOST#. Does it come from a host alias somewhere in the environment?
    I don't want to add a new cgi variable called HOST because HOST sounds so generic and it might interfere with something else running in our environment. Or, I don't want to change the plsql cgi environment variable (such as HTTP_HOST) because many developers may use owa_util.get_cgi_env('HTTP_HOST') to get the current server. If the SERVER_PORT is part of the #HOST# then what could I change it to if it needs to be null. If you leave it blank, then the default SERVER_PORT comes from the CGI variables.
    I would rather not create a global variable (hard-coding) and create a new chart template using the global variable or create a before header application process to re-direct url without a port.
    Edited by: Donna C-Houston on Oct 10, 2012 1:06 PM

    Hi Donna,
    changing the CGI environment variables HTTP_HOST, REQUEST_PROTOCOL and SERVER_PORT is the correct way how to resolve this, because it appears that your hiding the web server where you have installed mod_plsql or EPG by a different outside facing web server (also called reverse proxy). That's why APEX gets the host name, protocol and port of the internal web server, but should actually get the values of your reverse proxy web server. Can can fix that by changing the following CGI environment variables.
    HTTP_HOST should just contain the domain name (no protocol or port). For example: www.oracle.com
    REQUEST_PROTOCOL should contain http or https
    SERVER_PORT should be the port for https
    I don't want to add a new cgi variable called HOST because HOST sounds so generic and it might interfere with something else running in our environment. Or, I don't want to change the plsql cgi environment variable (such as HTTP_HOST) because many developers may use owa_util.get_cgi_env('HTTP_HOST') to get the current server. If the SERVER_PORT is part of the #HOST# then what could I change it to if it needs to be null. If you leave it blank, then the default SERVER_PORT comes from the CGI variables.The value of HTTP_HOST is wrong anyway and points to your internal web server, but I assume your developers actually want to get the host name of your external web server if they use it to generate absolute URLs. That's why I wouldn't bother and set it to the correct host name.
    Regards
    Patrick
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf

  • I would like to ask how to retrieve Sever/Host IP address.

    Hello,
    I would like to ask how to retrieve Sever/Host IP address.
    sys_context('USERENV', 'IP_ADDRESS') returns client's IP address only, but what I want to acquire is Host/Server IP address
    Thank you

    This is why it is generally useful to mention the version of Oracle you are using, particularly if you are using a version 4 releases old...
    That said, you can probably still use the UTL_INADDR package
    SQL> select utl_inaddr.get_host_name( null ) from dual;
    UTL_INADDR.GET_HOST_NAME(NULL)
    DDBCJC01
    SQL> select utl_inaddr.get_host_address( null ) from dual;
    UTL_INADDR.GET_HOST_ADDRESS(NULL)
    192.168.1.107Justin
    Edited by: Justin Cave on Sep 29, 2008 10:54 PM

  • How do I create/host interactive articles with embedded video for use in browsers?

    I'm seeking a little guidance -
    How do I create/host interactive articles with embedded video for use in browsers?
    The aim is to bring together video, design, images and writing in one place. A little like Born Presents, but very accessible and user friendly.
    I'm happy using InDesign but want to create interactive articles / magazines that have embeded video files as required. I've been looking at .SWF files but I've come unstuck.
    I want people to view the articles via a blog, ideally with them opening in a lightbox style viewer. It's not intended for tablet viewing and people should be able to view and interact with the files with little effort on their part.
    I think I know how to create these files within InDesign, but I'm not so hot on web design and I'm not sure how to host these online. Does this start coming into the realms of Flash?
    If anyone could point in the right direction I'd really appreciate it - Thank you in advance.

    PDF is one thing. Folios for DPS is another. There is a little bit of
    overlap but not much.
    The interactivity in the folio overlays panel is for DPS only.

  • How to retrieve the host prefix in a workflow step

    HI i am trying to generate a link in a process step, but I dont know how to get the host prefix http://localhost:4503
    any idea?
    thanks

    You should use the Externalizer: http://dev.day.com/docs/en/cq/current/developing/externalizer.html

  • How to add/modify host entry in iPad

    How to add/modify host entry in the iPad Mini.
    Is there anyway to achieve this in the iPad Mini, like any equivalent DNS configuration.

    Point your DNS configuration to a local one in which you can add all tue IP aliases that you dream of.

  • Access denied: HTTP - Host Request with Widget Foundation + Yahoo

    Hi,
    I have a problem with the new Yahoo widget engine's (4.5) suggested structure, when trying to execute an RFC request.
    An older version of my .kon file has a classic structure, and it works fine, I write the script into the .kon file, it looks like this:
            <action trigger = "onLoad">
            <![CDATA[
                     // Standard SAP Widget Foundation Libraries
                     include("js/utils/Common.js");
                     include("js/utils/PlatformUtil.js");
                     include("js/utils/Timer.js");
                     include("js/utils/DataLoader.js");
                     include("js/utils/RFCRequest.js");
                     request.execute(function(response) ...
            ]]>
            </action>
    When I try to use the new structure (the .kon file contains only the source of the script, no CDATA, just  'src = "Scripts/Main.js"' ), and execute the request from the source JavaScript file, then I get this error:
    utils.DataLoader]> Exception was catched: XMLHttpRequest.send(): Access denied: HTTP - Host Request.
    Saw anybody this problem already?
    Thanks,
    Gyuri

    Hi,
    Yahoo has added security control in widgets since 4.5. You should add tag <security> in your widget.xml
         <security>
              <http>all</http>
              <filesystem>full</filesystem>
              <command>true</command>
              <hotkey>true</hotkey>
         </security>
    http://widgets.yahoo.com/static/downloads/WidgetsReference_4.5.zip page 33.
    Eriks

  • How do I verifysites hosted on adobe business catalyst with google?

    How do I verifysites hosted on adobe business catalyst with google?

    Hey MARTI BETZ,
    If you're referring to Google Webmaster Tools, as provided in the link below, there are multiple ways in order to verify your site. The easiest method would be to verify your site ownership by adding a DNS record. If you have redelegated your domain to use BC's nameservers, simply add the appropriate record via Site Settings > Site Domains.
    https://support.google.com/webmasters/answer/35179?hl=en

  • How stream Video at host, at me site using Adobe Flash Media Streaming?

    Please help me how stream Video at host, at me site using Adobe Flash Media Streaming? With using localhost and my ip I can just watch streaming in my computer. How should i configure my server to watch streaming at my site?
    Please help!
    Thank you!

    Petro,
    I have chacked code and changed src.
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
    <head>
    <title>SWFObject 2 static publishing</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <script type="text/javascript" src="scripts/swfobject.js"></script>
    <script type="text/javascript">
    swfobject.registerObject("flashId", "9.0.0", "flash/expressInstall.swf");
    </script>
    </head>
    <body>
    <div>
    <object width="600" height="409"> <param name="movie" value="http://fpdownload.adobe.com/strobe/FlashMediaPlayback_101.swf"></param><param name="flashvars" value="src=http://192.168.100.4/hds-live/livepkgr/_definst_/liveevent/livestream.f4m&poster=http%3A%2 F%Fosmf.org%2Fimages%2Fposter_cathy_fmp.jpg&autoPlay=true"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://fpdownload.adobe.com/strobe/FlashMediaPlayback_101.swf" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true"  width="600" height="409" flashvars="src=http://192.168.100.4/hds-live/livepkgr/_definst_/liveevent/livestream.f4m&poster=http%3A%2 F%2Fosmf.org%2Fimages%2Fposter_cathy_fmp.jpg&autoPlay=true"></embed></object>
    <!--<![endif]-->
    </object>
    </div>
    </body>
    </html>
    But anyway I am facing same problem as I wrote already. I can see streaming just in my computer. From other computers it's writing error log. What should I do? Maybe I am trying to stream video at my site in a wrong way? I am using Adobe flash media Live Emcoder with Adobe flash Media Server 4.5. In my computer everything works fine. But I can't stream to otyer cimputers. Please help.

  • Don't understand how to find my host directory

    hello
    i am not understanding how to find my host directory when
    trying to connect from Dreamweaver MX2004 to my webspace,using the
    remote info page on the site definition window.
    Is the host directory on the server of the web space
    provider?
    And how do i know what the folder it is or how to find it?
    thanks in advance
    Jason King

    > Is the host directory on the server of the web space
    provider?
    > And how do i know what the folder it is or how to find
    it?
    Yes.
    > And how do i know what the folder it is or how to find
    it?
    Ask the host what the root directory of the website is named.
    It could be
    www, or public_html, or anything else. That would be what
    goes in the host
    directory field.
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.dreamweavermx-templates.com
    - Template Triage!
    http://www.projectseven.com/go
    - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs,
    Tutorials & Resources
    http://www.macromedia.com/support/search/
    - Macromedia (MM) Technotes
    ==================
    "georgealmighty" <[email protected]> wrote
    in message
    news:etri9l$dqq$[email protected]..
    > hello
    > i am not understanding how to find my host directory
    when trying to
    > connect
    > from Dreamweaver MX2004 to my webspace,using the remote
    info page on the
    > site
    > definition window.
    >
    > Is the host directory on the server of the web space
    provider?
    > And how do i know what the folder it is or how to find
    it?
    >
    > thanks in advance
    > Jason King
    >

  • How to Trace oracle Host Type concurrent program

    How to Trace oracle Host Type concurrent program
    I have enabled trace in concurrent definition screen but couldnt get the trace file
    the Host script executes multiple plsql packages for interfaces and sent emails

    Hi,
    How to Trace oracle Host Type concurrent programSee (FAQ: Common Tracing Techniques within the Oracle Applications 11i/R12 [ID 296559.1]) -- 4. How does one enable trace for a concurrent program?
    I have enabled trace in concurrent definition screen but couldnt get the trace fileDo you mean the trace file is not generated?
    the Host script executes multiple plsql packages for interfaces and sent emailsIs this a seeded or custom concurrent program?
    Thanks,
    Hussein

  • How many  iviews are hosted by my portal ?

    Hello,
    As the sap basis guy, I've been asked how many iviews are hosted by our EP7(SP12) Portal.
    Is there any easy way to find anwer to this request : without manually counting ?
    Thank you in advance for your help.
    Best Regards.
    Raoul

    Do they mean how many in the PCD? Then use the iView search and count them. Do they mean used within roles? Then you need to open each role and look there - remembering to look inside pages etc.
    Do they mean used at run time? Then look at the portal activity reports.
    It's basically a meaningless request to make of you!

  • How to register the host

    Hi,
    When i am trying to open any transaction after loggin in in to xi system it is showing me error page.
    Pl tell me how to register the host
    Thanks
    Srini

    Hi,
    Host entry needs to be done in C:\WINDOWS\system32\drivers\etc\hosts File.(Not necessarily in C:, in the installation directory of ur OS)
    Give ur IP address followed by host name.
    Regards,
    P.Venkat

  • How to determine server host and server port

    Dear Experts.
    How to determine server host and server port where Webdynpro application is working.
    If the url is following
    http://sapr3dm:50500/webdynpro/dispatcher/local/ForecastingPowerProject2/NewObjectConnection?SAPtestId=6
    How to receive sapr3dm and 50500

    Hi,
    May be of use
    WDProtocolAdapter.getProtocolAdapter().getRequestObject().getServerName();
           WDProtocolAdapter.getProtocolAdapter().getRequestObject().getServerPort();
    Regards
    Ayyapparaj

Maybe you are looking for

  • Error when executing a query in ECC

    W'e're getting the following error when attempting to run a Crystal Report (2008) that uses an SAP ECC query as the datasource: Database Connector Error: "Screen output without connection to user" Anyone seen this before? Tried looking this up in the

  • Really ****** off - iTunes won't start?

    Okay, so I had iTunes 7.4 or something like that, maybe it was 7.1... Not really sure... And for christmas I got a new iPod Nano 4G 8gb, which required my iTunes to be atleast ver. 8.0, so I upgraded it. The upgrade went fine, but when I was browsing

  • Finder Warning When Booting

    I get the following message after restart or power on: "The last time you opened Finder, it unexpectedly quit while reopening windows. Do you want to try to reopen its windows again?" I have never seen this dialogue box in Mavericks.  I am running a

  • How to get Midi echo function?

    I can't get midi echo function: triggering contemporary 3 (or more) channels of a multi instruments. How can it be done?

  • T520 Unable to find any bluetooth device

    I bought a bluetooth adapter and turned my bluetooth speaker discoverable but it still cant find anything. All drivers are up to date. and my roommate's mac pro can search my bluetooth devices...