annoying brute force attack attempt using ssh
Scott van Looy
scott at ethosuk.net
Thu May 15 11:25:10 UTC 2008
Today Peter McNeil did spake thusly:
>> Ran iptables -L just to make sure my rule was there and it was
>> in the end had to use hosts.deny to block the IP
>>
>> Anyone got any ideas why?
>>
> I do this http://thunderbox.org/?page_id=4
Much better way is to do something like this:
iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name
SSH -j DROP
Which I used to use when I hand wrote my firewall. But as I'm trying to
use system-config-firewall these days I've no idea how to add these custom
rules...
--
Scott van Looy - email:me at ethosuk.org.uk | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74 802C 7CF9 E526 44D9 D4A7
-------------------------------------------
|/// /// /// /// WIDE LOAD /// /// /// ///|
-------------------------------------------
In my experience, if you have to keep the lavatory door shut by extending
your left leg, it's modern architecture.
-- Nancy Banks Smith
More information about the fedora-list
mailing list