annoying brute force attack attempt using ssh

Peter McNeil peter at mcneils.net
Thu May 15 11:29:00 UTC 2008


Scott van Looy wrote:
> Today Peter McNeil did spake thusly:
>
>>> Ran iptables -L just to make sure my rule was there, and it was.
>>> In the end had to use hosts.deny to block the IP.
>>>
>>> Anyone got any ideas why?
>>>
>> I do this http://thunderbox.org/?page_id=4
>
> Much better way is to do something like this:
>
> iptables -N SSH_CHECK
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
> iptables -A SSH_CHECK -m recent --set --name SSH
> iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
>
> Which I used to use when I hand wrote my firewall. But as I'm trying 
> to use system-config-firewall these days I've no idea how to add these 
> custom rules...
>
That's cool, I just wanted a permanent blocklist (until restart). Re 
system-config-firewall... the only way to be sure is by hand :-)
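
Added example (not part of the original messages): a simplified Python model of the quoted SSH_CHECK rule pair, replayed over constructed connection times, to show when the `recent` match drops a source and when it lets it back in. The class and function names, the sample addresses and the 20-stamp cap (the module's usual per-address default) are assumptions of this sketch.

```python
from collections import defaultdict, deque

SECONDS = 60       # --seconds 60
HITCOUNT = 4       # --hitcount 4
PKT_LIST_TOT = 20  # assumed per-address stamp limit (module default)

class RecentList:
    """Per-source timestamps, standing in for the list named SSH."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # "-m recent --set": always record the packet; the rule has no
        # target, so traversal continues to the next rule.
        self.stamps[src].append(now)

    def update(self, src, now):
        # "-m recent --update --seconds 60 --hitcount 4": match when at
        # least HITCOUNT stamps are no older than SECONDS. A matching
        # packet is recorded too, so a persistent source stays blocked.
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False

def ssh_check(recent, src, now):
    """Verdict of the SSH_CHECK chain for one NEW connection to port 22."""
    recent.set(src, now)
    # No match means the packet returns to INPUT and its remaining rules.
    return "DROP" if recent.update(src, now) else "RETURN"

def replay(events):
    recent = RecentList()
    return [(t, src, ssh_check(recent, src, t)) for t, src in events]

# Constructed sample: (seconds, source). One source retries every 10 s,
# pauses, then comes back; the other makes a few ordinary logins.
SAMPLE_EVENTS = sorted(
    [(t, "203.0.113.7") for t in range(0, 121, 10)]
    + [(200, "203.0.113.7")]
    + [(t, "198.51.100.20") for t in (0, 5, 300)]
)

if __name__ == "__main__":
    for t, src, verdict in replay(SAMPLE_EVENTS):
        print(f"t={t:>3}s  {src:<14} {verdict}")
```

The fourth connection inside a minute is the first one dropped, the block lasts only while the source keeps connecting, and after 60 quiet seconds the same address is accepted again, which is why this differs from a permanent blocklist.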



