On Thu, 16 Jun 2005, Thomas Stivers wrote:

> I have been getting a huge number of attempts to log into my box via ssh
> which fail with invalid username entries in the logs. Is there already a
> package which will let me look through the logs and dynamically add
> iptables rules to drop anything from these scanning addresses after
> something like 3 attempts? I know I can set up hosts.allow and
> hosts.deny to only allow ssh in from particular ip's, but I'd rather not
> do that. Any suggestions would be appreciated.
"stopping the attacks" ... - you can't really stop them - all you can do is not reply to those incoming requests - moving to another port might help, but that prevents your own apps from working either if you use ssh to transfer data to and from that server unless all your servers is changed to use "/dev/randomNumber" for ssh another simple way .. # # hosts.deny file should exists by default in any case # vi /etc/hosts.deny ALL:ALL - if you wanna play games, twist the incoming port attempt back onto themself ( the attacker ) vi /etc/hosts.allow sshd: 192.168.1.1 all ssh connections from other ip# will be dropped and it doesn't ask for passwd ( something i want, don't give them that chance ) c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]