On Thu, Jun 16, 2005 at 10:16:43AM -0400, Ugo Bellavance wrote:
> michael wrote:
> > On Thu, 2005-06-16 at 09:05 -0500, Thomas Stivers wrote:
> >
> >>I have been getting a huge number of attempts to log into my box via ssh
> >>which fail with invalid username entries in the logs. Is there already a
> >>package which will let me look through the logs and dynamically add
> >>iptables rules to drop anything from these scanning addresses after
> >>something like 3 attempts. I know I can set up hosts.allow and
> >>hosts.deny to only allow ssh in from particular IPs, but I'd rather not
> >>do that. Any suggestions would be appreciated.
> >>
> >
> > I set up sshd_config to use a different port. That stopped them (for
> > now...)
> >
>
> Maybe try port knocking. A Google search should find.
>

I am actually getting ready to package doorman, which does something
similar. I will probably have it packaged and uploaded in a week or so.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
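
The log-driven blocking asked about at the top of this thread can be sketched as follows. This is an added example, not part of the original messages and not code from doorman or any other package; the log lines are constructed, and the threshold of 3, port 22, the allowlist and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of sshd log lines (documentation address ranges only).
SAMPLE_LOG = """\
Jun 16 09:01:02 box sshd[2101]: Invalid user admin from 203.0.113.5
Jun 16 09:01:04 box sshd[2103]: Invalid user test from 203.0.113.5
Jun 16 09:01:07 box sshd[2105]: Invalid user guest from 203.0.113.5 port 40112
Jun 16 09:02:11 box sshd[2110]: Invalid user bob from 198.51.100.7
Jun 16 09:03:00 box sshd[2112]: Invalid user x from 192.0.2.1 from 198.51.100.7
Jun 16 09:04:30 box sshd[2120]: Accepted publickey for thomas from 192.0.2.44 port 50022 ssh2
Jun 16 09:05:00 box sshd[2130]: Invalid user a from 192.0.2.44
Jun 16 09:05:01 box sshd[2131]: Invalid user b from 192.0.2.44
Jun 16 09:05:02 box sshd[2132]: Invalid user c from 192.0.2.44
"""

# The user name is supplied by the remote side and may itself contain " from ".
# The greedy ".*" ensures the address is taken after the LAST " from " on the
# line, so text embedded in a user name cannot choose which address is counted.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?\s*$")

def count_failures(log_text):
    """Count 'Invalid user' lines per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))  # reject anything not an IP
        except ValueError:
            continue
        counts[str(addr)] += 1
    return counts

def drop_rules(log_text, threshold=3, allowlist=()):
    """Return iptables commands (as strings) for addresses at or over threshold."""
    rules = []
    for addr, n in sorted(count_failures(log_text).items()):
        if n >= threshold and addr not in allowlist:
            tool = "ip6tables" if ":" in addr else "iptables"
            # Port 22 is an assumption; use the port sshd actually listens on.
            rules.append(f"{tool} -I INPUT -s {addr} -p tcp --dport 22 -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(drop_rules(SAMPLE_LOG, allowlist={"192.0.2.44"})))
```

The rules are only generated as text, so they can be reviewed before anything is applied; the allowlist keeps an administrator's own address from being dropped after a few typos.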