Re: how to react on ssh attacks? [solved]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2005-10-25 at 14:08 -0400, Neal Becker wrote:
> Eventually hosts.deny is getting too big.  If this is really fedora's
> answer, then I think we'll need a version of tcpwrappers that has some kind
> of database, rather than a flat file.

I agree, although by layering iptables blocking with denyhosts I am able
to greatly reduce the number of hosts.deny entries. Like many people on
this list, I have a set of rules in iptables that look for too many ssh
logins in too short a time period. If the threshold is exceeded
connections from the offending IP are dropped for a time. Most script
kiddies hit the block and just go away. Some script kiddies, however,
come back later. For them I have denyhosts running at a threshold one
above the iptables script. I typically see denyhosts trigger only once
or twice a day for these more serious threats.

-- 
Brian Gaynor
www.pmccorp.com
FC4/Linux on DELL Inspiron 5160 3.0Ghz 
canis 15:52:13 up 7:22, 1 user, 
load average: 0.14, 0.22, 0.16 



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux