annoying brute force attack attempt using ssh

Scott van Looy scott at ethosuk.net
Thu May 15 11:33:18 UTC 2008


Today Peter McNeil did spake thusly:

> Scott van Looy wrote:
>> Today Peter McNeil did spake thusly:
>> 
>>>> Ran iptables -L just to make sure my rule was there and it was
>>>> in the end had to use hosts.deny to block the IP
>>>> 
>>>> Anyone got any ideas why?
>>>> 
>>> I do this http://thunderbox.org/?page_id=4
>> 
>> Much better way is to do something like this:
>> 
>> iptables -N SSH_CHECK
>> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
>> iptables -A SSH_CHECK -m recent --set --name SSH
>> iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
>> 
>> Which I used to use when I hand wrote my firewall. But as I'm trying to use 
>> system-config-firewall these days I've no idea how to add these custom 
>> rules...
>> 
> that's cool, I just wanted a permanent blocklist (until restart). Re 
> system-config-firewall..the only way to be sure is by hand :-)

Does anyone know if there's documentation for it anywhere? If not, I'm 
happy to write some - if someone can explain to me how the buggery it 
works...? :)

-- 
Scott van Looy - email:me at ethosuk.org.uk | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74  802C 7CF9 E526 44D9 D4A7
       -------------------------------------------
       |/// /// /// /// WIDE LOAD /// /// /// ///|
       -------------------------------------------

It is said that the lonely eagle flies to the mountain peaks while the lowly
ant crawls the ground, but cannot the soul of the ant soar as high as the eagle?
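
An added example, not part of the original message: a simplified Python model of the quoted SSH_CHECK rules, showing which NEW connections the `recent` match drops. The class and function names, the sample addresses and the final ACCEPT verdict are assumptions made for illustration.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default for ip_pkt_list_tot (timestamps kept per address)


class RecentList:
    """Simplified model of one named `-m recent` list (here: SSH)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record the packet time for this source; always matches.
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when at least N recorded
        # packets fall inside the last S seconds; a match is recorded too.
        hits = sum(1 for t in self.stamps[src] if t >= now - seconds)
        if hits >= hitcount:
            self.stamps[src].append(now)
            return True
        return False


def ssh_check(recent, src, now, seconds=60, hitcount=4):
    """Verdict for one NEW tcp/22 packet traversing the SSH_CHECK chain."""
    recent.set(src, now)                      # first rule has no target: fall through
    if recent.update(src, now, seconds, hitcount):
        return "DROP"                         # second rule
    return "ACCEPT"                           # assumption: INPUT accepts it later


def replay(events):
    """events: iterable of (time in seconds, source IP); returns the verdicts."""
    recent = RecentList()
    return [ssh_check(recent, src, t) for t, src in events]


# Constructed sample traffic (documentation addresses, times in seconds).
NOISY = [(t, "203.0.113.7") for t in range(0, 100, 10)]   # one attempt per 10 s
ADMIN = [(0, "198.51.100.9"), (5, "198.51.100.9"), (9, "198.51.100.9"),
         (12, "198.51.100.9"), (80, "198.51.100.9")]

if __name__ == "__main__":
    for name, events in (("noisy", NOISY), ("admin", ADMIN)):
        print(name, replay(events))
```

The fourth connection inside 60 seconds is dropped even for a legitimate admin, and a source that keeps retrying never ages out because each dropped packet is recorded again.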



