Unix Technical Forum

filtering with ipsec

#1  01-05-2008, 11:55 AM
Patrick Begou
 
filtering with ipsec

I would like to know if it is possible, with AIX Ipsec, to limit the
connection rate on a specific port. Every night I have some computers
trying user/password combinations on my AIX host, which provides ssh
access. I would like to limit it to 1 new ssh connection attempt every 5 min
or, better, if a host reaches 5 or 10 successive failures, block its access.

I'm reading docs on Ipsec (man, red books...) but do not find any
pertinent information for this problem.

Patrick
#2  01-05-2008, 11:55 AM
Bela
 
Re: filtering with ipsec

Patrick Begou <Patrick.Begou@hmg.inpg.fr> wrote:
PB> I would like to know if it is possible, with AIX Ipsec, to limit the
PB> connection rate on a specific port. Every night I have some computers
PB> trying user/password combinations on my AIX host, which provides ssh
PB> access. I would like to limit it to 1 new ssh connection attempt every 5 min
PB> or, better, if a host reaches 5 or 10 successive failures, block its access.
PB>
PB> I'm reading docs on Ipsec (man, red books...) but do not find any
PB> pertinent information for this problem.
PB>
PB> Patrick

If you *know* where your ssh users are connecting from, you can set the
"AllowUsers" stanza in sshd_config (see "man sshd_config").

The `ipsec' suite is AIX's firewall, and while in principle it can be used
to accomplish what you want, it would require too much effort. You would have
to monitor the illicit attempts and write a script to use ipsec's commands to
set up firewall rules.

I found it much easier to adapt methods from the Linux-world into AIX. Google
for "denyhosts" or "blockhosts". Both use "Python", so you'd need that, and
"tcpwrappers". In addition, you'll have to compile your "sshd" with "libwrap.a"
from "tcpwrappers", so "/etc/hosts.deny" and/or "/etc/hosts.allow" can be
configured to block brute-force login attempts. "tcpwrappers" is a very elegant
but effective security tool with a minimal footprint - don't leave home w/o it!

Both methods can be configured to block login attempts after a pre-set number
of failures, and remove the blockade after a given time. "denyhosts" has more
options, "blockhosts" is simpler. Both work well in AIX.

--
"... I shook my family tree, and a bunch of NUTS fell out ..."
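As an added example (not part of Bela's reply, and not code from the denyhosts or blockhosts projects), here is the core of what those tools automate, written as a small POSIX shell script: count failed sshd logins per source address and turn the hosts that reach a failure threshold into tcpwrappers `/etc/hosts.deny` lines. It assumes OpenSSH's syslog message format ("Failed password for ... from <addr> port ...") and an sshd linked against libwrap so that `hosts.deny` is honoured; the log lines are constructed, not captured from any real host.

```shell
#!/bin/sh
# Added example: count failed sshd logins per source host in syslog-style
# lines and emit /etc/hosts.deny entries for hosts that reach a threshold
# (the "5 or 10 successive failures" the original poster asked for).
# Assumes OpenSSH's syslog format; adjust the pattern for other daemons.

# Constructed sample log lines (not from a real system).
SAMPLE_LOG='Jan  5 02:11:07 aixhost sshd[12345]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Jan  5 02:11:09 aixhost sshd[12345]: Failed password for invalid user admin from 192.0.2.10 port 51235 ssh2
Jan  5 02:11:12 aixhost sshd[12346]: Failed password for root from 192.0.2.10 port 51236 ssh2
Jan  5 02:11:15 aixhost sshd[12347]: Failed password for root from 192.0.2.10 port 51237 ssh2
Jan  5 02:11:18 aixhost sshd[12348]: Failed password for root from 192.0.2.10 port 51238 ssh2
Jan  5 02:11:21 aixhost sshd[12349]: Failed password for root from 192.0.2.10 port 51239 ssh2
Jan  5 02:30:00 aixhost sshd[12350]: Failed password for patrick from 198.51.100.7 port 40001 ssh2
Jan  5 02:30:05 aixhost sshd[12351]: Accepted password for patrick from 198.51.100.7 port 40002 ssh2'

# failed_by_host THRESHOLD: read log lines on stdin and print "count host"
# for every source address with at least THRESHOLD failures, highest first.
# Successful logins ("Accepted ...") are ignored, so a user who mistypes
# once and then logs in is not blocked.
failed_by_host() {
    threshold=${1:-5}
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the address is the field after "from", wherever it sits
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (h in n) if (n[h] >= t) printf "%d %s\n", n[h], h }
    ' | sort -rn
}

# deny_entries: turn "count host" lines into hosts.deny lines. tcpwrappers
# matches the daemon name "sshd" when sshd is built against libwrap.
deny_entries() {
    awk '{ printf "sshd: %s\n", $2 }'
}

# Dry run: print the entries that would be appended to /etc/hosts.deny.
# A cron job would replace SAMPLE_LOG with the real syslog file and append
# the output; removing entries again after a set time is left to the tools
# Bela names (denyhosts, blockhosts), which keep that state for you.
printf '%s\n' "$SAMPLE_LOG" | failed_by_host 5 | deny_entries
```

With the sample above and a threshold of 5, only 192.0.2.10 is emitted; 198.51.100.7 has a single failure followed by a successful login and stays unblocked. Tightening the threshold to 1 would add it, which is why the count, not just the presence of a failure, should drive the rule.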