Bob Proulx wrote:
> Matt Peter wrote:
>> I'd like to be able to IP ban these connections after a
>> set number of failed login attempts.
> Of course your suggestion to put this on a non-standard port leads me
> to believe this is just for you and no one else though so that might
> be fine in that case.
> Personally I would just ignore it in the logs.
The log floods get annoying after a while, so I'm using the ipt_recent
module (CONFIG_IP_NF_MATCH_RECENT) to rate-limit incoming attempts to
port 22 - more than three times in 60 seconds results in a 60-second ban
from the source IP to that port. A nice startup script that can be used
as a starting point can be found at:
<http://www.linode.com/forums/viewtopic.php?p=6935#6935>
Note, however, that your policy on the INPUT chain must be set to
ACCEPT, so if you normally use DROP or REJECT, you'll need to change the
policy and add a catch-all rule to drop or reject connections accordingly.
I also have switched to using public key authentication exclusively, so
password guessers won't work anyway.
Russ
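The rate-limiting rules Russ describes, written out as an added example (this is not his script and not the one at the Linode link): new TCP connections to the SSH port are tracked per source address with the iptables `recent` match (ipt_recent, CONFIG_IP_NF_MATCH_RECENT); the fourth new connection within the window is dropped, and because `--update` refreshes the entry's timestamp, the block lasts until the source has been quiet for the whole window. The chain name `SSH_RATE`, the list name `sshguard`, the environment-variable knobs and the `apply` argument are this example's own choices, not anything from the post. The function prints the `iptables` commands rather than running them, so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not the original poster's script: per-source rate limit on
# new SSH connections with the iptables "recent" match. Defaults mirror the
# post: more than 3 new connections in 60 s -> DROP, renewed on each attempt
# while the block lasts. Assumes the legacy iptables CLI and IPv4.

SSH_PORT="${SSH_PORT:-22}"
WINDOW="${WINDOW:-60}"      # seconds
ALLOWED="${ALLOWED:-3}"     # new connections allowed per window
LIST="${LIST:-sshguard}"    # name of the recent-match list (our choice)

# Emit the rules on stdout. Run once; re-running appends duplicate INPUT rules.
ssh_ratelimit_rules() {
    hitcount=$((ALLOWED + 1))   # the (ALLOWED+1)-th hit inside the window is dropped
    cat <<EOF
iptables -N SSH_RATE 2>/dev/null || iptables -F SSH_RATE
iptables -A SSH_RATE -m recent --name $LIST --set
iptables -A SSH_RATE -m recent --name $LIST --update --seconds $WINDOW --hitcount $hitcount -j DROP
iptables -A SSH_RATE -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j SSH_RATE
EOF
}

# Show the addresses currently tracked (path differs between old ipt_recent
# and newer xt_recent kernels).
show_recent_list() {
    for f in "/proc/net/xt_recent/$LIST" "/proc/net/ipt_recent/$LIST"; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    echo "recent list '$LIST' not present (module not loaded or no hits yet)" >&2
    return 1
}

# Usage:  sh ssh-ratelimit.sh          # print the rules for review
#         sh ssh-ratelimit.sh apply    # run them (as root)
#         sh ssh-ratelimit.sh list     # show tracked source addresses
case "${1:-}" in
    apply) ssh_ratelimit_rules | sh ;;
    list)  show_recent_list ;;
    "")    ssh_ratelimit_rules ;;
esac
```

Two points worth knowing before using this. First, the decision is made explicitly inside `SSH_RATE` (`DROP` or `ACCEPT`), so unlike the script Russ mentions it does not depend on the INPUT chain's policy being ACCEPT; a catch-all `iptables -A INPUT -j DROP` (or a DROP policy) can still follow. Second, `--update` extends the block on every further attempt, which is what keeps a persistent guesser out; swap it for `--rcheck` if you want a fixed 60-second window measured from the first hit instead.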