[rhn-users] Automatically blocking IP addresses

Bernt Habermeier bernt at wulfram.com
Sat Jun 3 13:16:33 UTC 2006


I recently put up a new server, and I'm seeing several machines trying to
break in.  Example:

Jun  1 02:41:31 localhost sshd(pam_unix)[3447]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.137.197.100  user=root

Every 5 seconds, for hundreds of attempts.  But that's not the only IP
address doing that.
...

Is there an easy way to set up Linux to detect this sort of thing and
auto-deny all connections from servers like that?  I guess the
alternative would be for me to restrict ssh access to a few IP addresses,
but that would kind of become a problem for when I'm on the road and need
to log in.  I wish I could restrict ssh access to certain hardware (maybe
using the MAC address, but I know that information is not transmitted via
TCP/IP, so I guess there is no chance of that).
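
Added example, not part of the original post: one way to do the detection half of what the message asks for, by counting pam_unix sshd failures per rhost inside a sliding window. The function name, threshold, window, year and allow list are assumptions, and every sample line except the format quoted above is constructed; applying the actual block is left to whatever firewall or TCP-wrappers setup is in use.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields are matched in the fixed order pam_unix writes them, so text placed
# in the trailing user= field cannot supply a different rhost value.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\(pam_unix\)\[\d+\]: "
    r"authentication failure; logname=\S* uid=\d+ euid=\d+ tty=\S+ "
    r"ruser=\S* rhost=(?P<rhost>\S+)"
)

def offenders(lines, threshold=5, window=timedelta(minutes=1),
              year=2006, allow=frozenset()):
    """Map each rhost to the time it first reached `threshold` failures
    within `window`. Syslog timestamps carry no year, so one is assumed.
    Hosts in `allow` are never reported (e.g. an address you log in from)."""
    recent = defaultdict(deque)   # rhost -> failure times still in the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["rhost"] in allow:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        times = recent[m["rhost"]]
        times.append(when)
        while when - times[0] > window:   # drop failures older than the window
            times.popleft()
        if len(times) >= threshold and m["rhost"] not in flagged:
            flagged[m["rhost"]] = when
    return flagged

TAIL = "logname= uid=0 euid=0 tty=ssh ruser= rhost="
# Constructed sample: six failures 5 s apart from the address in the post,
# two widely spaced failures from another host, and an unrelated line.
SAMPLE = [
    f"Jun  1 02:41:{s:02d} localhost sshd(pam_unix)[3447]: "
    f"authentication failure; {TAIL}219.137.197.100  user=root"
    for s in range(31, 60, 5)
] + [
    f"Jun  1 03:00:00 localhost sshd(pam_unix)[3500]: authentication failure; {TAIL}192.0.2.10  user=alice",
    f"Jun  1 03:10:00 localhost sshd(pam_unix)[3502]: authentication failure; {TAIL}192.0.2.10  user=alice",
    "Jun  1 03:10:05 localhost sshd(pam_unix)[3503]: session opened for user alice by (uid=0)",
]

if __name__ == "__main__":
    for host, when in offenders(SAMPLE).items():
        print(f"{host} reached the threshold at {when:%b %d %H:%M:%S}")
```

rhost may be a hostname rather than an address when reverse lookups are enabled, so resolve or normalise it before handing it to a block list.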