IPTABLES question

Nicolas Mailhot nicolas.mailhot at laposte.net
Tue Jul 18 20:37:47 UTC 2006


On Tuesday 18 July 2006 at 15:00 -0500, Michael Yep wrote:
> I have been blocking some IPs because they are brute forcing my ssh
> port. I access this server from many different places so I can't really
> just add a few hosts.
> I'm talking about 36000 attempts in a short time from some IP addresses

pam_abl (in extras) will work for you

The good thing is it works at the pam level and not by parsing logs
retroactively like denyhosts. So they can do their attempts in whatever
short time they want, they'll get blacklisted anyway. And every pam-using
service is protected.

The bad thing is it works at the pam level; it won't interface with
iptables like denyhosts, so even if it's blocking something you'll still
pay some processing time. However I rather like the fact the bad guys
have no way to know they are blocked (unlike a firewall-level solution),
so they can't optimise attacks by giving up on hosts which have detected
them.

Of course if you never change your passwords and want to allow ssh
logins from everywhere, a low-intensity distributed brute-force attack is
going to get you regardless of the solution used. But I don't think
crackers are that desperate (yet).

-- 
Nicolas Mailhot
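The two points made above (a counter at the authentication layer blacklists a host after N failures no matter how fast they arrive, and a slow, distributed attack stays under any per-host threshold) can be shown with a small sliding-window model. This is an added illustration, not pam_abl's code: the "N failures within a period" rule mirrors the shape of a pam_abl host_rule, but the class, the function names and the sample login events are invented for this example. The check also fails closed for a blocked host without distinguishing "blocked" from "wrong password", which is the behaviour the message prefers over a firewall drop.

```python
"""Sliding-window failure blacklist in the style of pam_abl (added example).

Assumptions: a rule of MAX_FAILURES within WINDOW_SECONDS per source host,
failures kept in memory, and constructed sample events below.
"""
from collections import defaultdict, deque

MAX_FAILURES = 10        # constructed rule: 10 failures ...
WINDOW_SECONDS = 3600    # ... within one hour blacklist the host


class FailureBlacklist:
    def __init__(self, max_failures=MAX_FAILURES, window_seconds=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window_seconds
        # host -> timestamps (seconds) of recent failed authentications
        self._failures = defaultdict(deque)

    def _purge(self, host, now):
        # Drop failures that fell out of the window (pam_abl's host_purge idea).
        q = self._failures[host]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_blocked(self, host, now):
        self._purge(host, now)
        return len(self._failures[host]) >= self.max_failures

    def check_auth(self, host, now, password_ok):
        """Return True if the login is allowed.

        A blocked host is refused even with the correct password, and the
        refusal looks exactly like a bad password to the client, so the
        attacker gets no signal that a blacklist exists.
        """
        if self.is_blocked(host, now):
            return False
        if not password_ok:
            self._failures[host].append(now)
            return False
        return True


def burst_scenario(attempts=36000, seconds=60):
    """One host hammering the port: constructed burst of wrong passwords.

    Returns (number of attempts actually counted before blocking,
             whether the host is blocked at the end,
             whether a later correct password is still refused).
    """
    bl = FailureBlacklist()
    host = "198.51.100.7"   # constructed sample address
    counted = 0
    for i in range(attempts):
        now = i * seconds / attempts
        if not bl.is_blocked(host, now):
            counted += 1
        bl.check_auth(host, now, password_ok=False)
    blocked = bl.is_blocked(host, seconds)
    refused_even_with_right_pw = not bl.check_auth(host, seconds + 1, password_ok=True)
    return counted, blocked, refused_even_with_right_pw


def distributed_scenario(hosts=50, rounds=40, interval=2 * WINDOW_SECONDS):
    """Many hosts, each guessing once every two hours: constructed slow attack.

    Returns the number of hosts that ever got blacklisted (the caveat in the
    message: a per-host threshold never trips, so only good passwords help).
    """
    bl = FailureBlacklist()
    sources = [f"203.0.113.{i}" for i in range(1, hosts + 1)]  # constructed
    ever_blocked = set()
    for r in range(rounds):
        now = r * interval
        for host in sources:
            bl.check_auth(host, now, password_ok=False)
            if bl.is_blocked(host, now):
                ever_blocked.add(host)
    return len(ever_blocked)


if __name__ == "__main__":
    print("burst:", burst_scenario())
    print("distributed hosts blocked:", distributed_scenario())
```

The burst case counts only the first ten failures, then refuses everything from that source, correct password included, for the rest of the window; the distributed case never accumulates ten failures from any single host inside an hour, which is exactly why the last paragraph says password hygiene, not the blacklist, is the defence against that pattern.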