I am still adjusting firewall rules to minimize the information available to a potential attacker both in terms of choosing targets and determining the effectiveness of an attack. I am having some problems trying to sort out why only allowing ssh and icmp through to certain hosts results in a password failure. I am attempting to avoid disrupting legitimate traffic, but some experimentation is needed to determine what is going on.
I had intended to post this to Eskimo North News. Since it is already posted here I’ll leave it since there will be references from other social media.
I have since discovered what was causing password failures. I had neglected to allow DNS packets, so Iglulik’s TCP wrappers could not identify the originating host and determine if it was allowed to connect.