Automatic blocking
alan
alan at clueserver.org
Wed Aug 16 16:24:26 UTC 2006
On Wed, 16 Aug 2006, Ashley M. Kirchner wrote:
>
> I looked around on the web and found a few different programs to do this,
> so I thought I'd ask here for advice: what are people using to automatically
> block incoming attacks via ssh and ftp? I'm referring to those script
> kiddies who simply hit your system over and over and over again in a very
> short period of time, probing both the ssh as well as the ftp daemons trying
> to log in.
>
> And related to the question, what's the best practice here, adding them to
> /etc/hosts.deny or dropping the traffic with iptables?
I have been using the denyhosts package from extras. (For the SSH
traffic.) Seems to work pretty well. I have not tried modifying it for
ftp.
There are a number of programs that all do similar blocking. Some are
iptables, some are hosts.deny. A search on freshmeat.net will probably
give you a good starting list.
--
"I want to live just long enough to see them cut off Darl's head and
stick it on a pike as a reminder to the next ten generations that some
things come at too high a price. I would look up into his beady eyes and
wave, like this... (*wave*!). Can your associates arrange that for me,
Mr. McBride?"
- Vir "Flounder" Kotto, Sr. VP, IBM Empire.
More information about the fedora-list
mailing list