More SSH 'trolling'
Björn Persson
listor1.rombobeorn at comhem.se
Fri Oct 15 14:56:54 UTC 2004
Vladimir G. Ivanovic wrote:
>>>>>>"d" == dave <drinker at dsrtech.com> writes:
>
> d> Blocking repeat SSH attacks with IPTables
> d>
> d> http://www.dsrtech.com/sshblock/
>
> At what point (i.e. with how many blocked IP addresses) does networking
> begin to slow down? Or is this not really a problem because the checks
> are only done at connection setup time?
As written, every incoming packet would be compared to those rules. You
could however create a new chain, "blocked" say, and configure the log
watcher to add the rules to that chain. In the main "INPUT" chain you
would then have a rule to jump to the chain "blocked" only on connection
attempts to port 22.
Björn Persson
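
The arrangement described in the reply above, as an added example that is not part of the original message: blocked addresses go into their own chain, and INPUT jumps to it only for new TCP connections to port 22. The chain name "blocked" and the port come from the message; the function names, the DRY_RUN switch and the use of `--syn` to match connection attempts are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (default) prints the iptables commands;
# DRY_RUN=0 runs them and needs root.
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# One-time setup: INPUT consults the list only for new TCP connection
# attempts (SYN) to port 22, so other packets never traverse it.
setup_blocked_chain() {
    ipt -N blocked
    ipt -I INPUT 1 -p tcp --dport 22 --syn -j blocked
}

# Accept only a dotted-quad IPv4 address. The address is taken from log
# text that a remote client can influence, so it is validated before it
# reaches the iptables command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Called by the log watcher for each offending source address.
block_ip() {
    valid_ipv4 "$1" || { echo "rejected: $1" >&2; return 1; }
    ipt -A blocked -s "$1" -j DROP
}

# Dry-run demonstration with a constructed documentation address.
if [ "$DRY_RUN" = 1 ]; then
    setup_blocked_chain
    block_ip 192.0.2.10
fi
```

Packets that are not SYNs to port 22 match only the single jump rule's test in INPUT, so the cost of a long block list is paid at connection setup rather than per packet.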