brute force ssh attack
Marko Vojinovic
vvmarko at panet.co.yu
Sat May 7 21:57:25 UTC 2005
On Saturday 07 May 2005 02:09, P. Thompson wrote:
> On Wed, 4 May 2005, Daniel B. Thurman wrote:
> > Folks,
> >
> > Seems that I am getting daily brute-force ssl attacks --
> > Anything I can or should do?
>
> I wrote a little script that adds an iptables rule to drop the attacking
> ip address for an hour then remove the block. An hour might be overkill,
> but they never come back from the same address.
>
> It does not block on false users from IP ranges I normally come in from so
> if I fat-finger my login I'm not screwed for an hour.
>
> I keep my sshd unblocked because I periodically ssh in from previously
> unknown quarters and want that flexibility.
Is there an easy way to manually block a specific IP? I would like to be able
to block and unblock a couple of IPs when I seem fit, but since I am a
begginer man iptables seems far too techy for me. Is there a recipe for this?
Also, are you willing to share your script with us (I guess I could learn from
it)?
Best regards,
Marko
More information about the fedora-list
mailing list