brute force ssh attack

Arthur Pemberton dalive at flashmail.com
Sun May 8 04:59:37 UTC 2005


Marko Vojinovic wrote:

>On Saturday 07 May 2005 02:09, P. Thompson wrote:
>  
>
>>On Wed, 4 May 2005, Daniel B. Thurman wrote:
>>    
>>
>>>Folks,
>>>
>>>Seems that I am getting daily brute-force ssl attacks --
>>>Anything I can or should do?
>>>      
>>>
>>I wrote a little script that adds an iptables rule to drop the attacking
>>ip address for an hour then remove the block.  An hour might be overkill,
>>but they never come back from the same address.
>>
>>It does not block on false users from IP ranges I normally come in from so
>>if I fat-finger my login I'm not screwed for an hour.
>>
>>I keep my sshd unblocked because I periodically ssh in from previously
>>unknown quarters and want that flexibility.
>>    
>>
>
>Is there an easy way to manually block a specific IP? I would like to be able
>to block and unblock a couple of IPs when I see fit, but since I am a
>beginner, man iptables seems far too techy for me. Is there a recipe for this?
>
You may want to take a look at this story I wrote:
http://www.dalive.com/dalug/softwarestories/view.php?rid=00000002

>Also, are you willing to share your script with us (I guess I could learn from 
>it)?
>
>Best regards,
>Marko
>
>  
>
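Added example, not part of the thread and not P. Thompson's script: a Python sketch of the approach described above (drop an address for an hour, skip trusted ranges), which also shows the manual block/unblock iptables commands Marko asks about. The log lines are constructed, and the threshold of three failures, the trusted range and the OpenSSH "Failed password ... ssh2" line format are assumptions; the code only builds the commands and does not run them.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines (RFC 5737 documentation addresses), not from the thread.
SAMPLE_LOG = """\
May  7 02:01:11 host sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40112 ssh2
May  7 02:01:13 host sshd[2101]: Failed password for invalid user test from 203.0.113.45 port 40115 ssh2
May  7 02:01:15 host sshd[2101]: Failed password for root from 203.0.113.45 port 40119 ssh2
May  7 02:03:40 host sshd[2150]: Failed password for invalid user marko from 192.0.2.10 port 51000 ssh2
May  7 02:03:42 host sshd[2150]: Failed password for invalid user marko from 192.0.2.10 port 51002 ssh2
May  7 02:03:44 host sshd[2150]: Failed password for invalid user marko from 192.0.2.10 port 51004 ssh2
May  7 02:05:02 host sshd[2190]: Failed password for invalid user guest from 198.51.100.7 port 33010 ssh2
May  7 02:05:04 host sshd[2190]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.7 port 33012 ssh2
May  7 02:05:06 host sshd[2190]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.7 port 33014 ssh2
"""

TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]  # assumed "ranges I normally come in from"
THRESHOLD = 3         # assumed number of failures before blocking
BLOCK_SECONDS = 3600  # one hour, as in the thread

# The user name is remote-controlled text: anchor on the end of the line so the
# address sshd itself appended is used, not one embedded in the user name.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$", re.M)

def offenders(log_text, trusted=TRUSTED, threshold=THRESHOLD):
    """Return sorted untrusted source addresses with >= threshold failed logins."""
    counts = Counter()
    for addr in FAILED.findall(log_text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:  # a hostname was logged instead of an address
            continue
        if not any(ip in net for net in trusted):
            counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def rules(ip):
    """Return the iptables argv that blocks ip and the argv that removes that block."""
    spec = ["INPUT", "-s", ip, "-j", "DROP"]
    return ["iptables", "-I", *spec], ["iptables", "-D", *spec]

def plan(log_text, now):
    """Return (block_argv, unblock_argv, unblock_time) per offender; nothing is executed."""
    return [(*rules(ip), now + BLOCK_SECONDS) for ip in offenders(log_text)]

if __name__ == "__main__":
    for block, unblock, expires in plan(SAMPLE_LOG, now=0):
        print(" ".join(block), "| at t=%d:" % expires, " ".join(unblock))
```

The last two sample lines carry a user name that embeds a trusted address; a pattern that stops at the first "from" would attribute those failures to the trusted range and never block the real source.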