Re: Blocking port automatically

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gene Heskett <gene.heskett@xxxxxxxxxxx> writes:
> Its very hard to further your attack on a machine when your address is one 
> that's never going to be responded to by the machine so protected.  You 
> cannot prove the machine even exists, no ping response, nothing comes 
> back once portsentry has been tripped. And you can make it very paranoid 
> indeed.

What does the iptables file for portsentry look like?

I've been experimenting with adding some fairly aggressive (read:
dangerous) rules to iptables in an attempt to reclaim lots the
bandwidth and cpu time the script kiddies are robbing me of.
Basically I use the module "recent" to set a 1-week timer on their IP
for any scanning or excessive connection attempts.  Then near the top
of the iptables I drop all future packets from them till the timer
runs out.  This effectively gives them the cold shoulder treatment and
they tend to go away after a minute or two.

What is amusing, during testing I had the IP timeout set for 10
minutes.  It was this way for 6 weeks as I was making sure the system
was working as intended.  Well I guess that was long enough for
evolution to take place.  One kiddie noticed the 10-minute timeout and
came back every 12 minutes to beat on the ssh server a bit more.
Silly kiddie, if he'd read my web page he'd have noticed that that
server doesn't allow passworded logins anyway, just RSA.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux