On Tuesday 22 November 2005 2:14 am, Knute Johnson wrote: > >What I did here for a while was run what amounts to a simple shell > >script that grabbed the IP's of the attacking machines and stuffed > >them into an IP-level filter against all traffic from that machine. > >This still allowed the attacker to have 5-10 seconds of fun, but life > >got really boring for them after that. > > > >-wolfgang > > I found an idea that uses the recent module of iptables. Was easy to > write and works really well. The first connection gets through but > fails because of the public/private key setup and the second > connection is dropped. I know that it uses some cpu time and that > isn't a consideration on my machine with only one user but after two > tries they go away. Before I put the chains into iptables they would > attack for as much as an hour or more. I would guess that would use > more cpu over time. > > Wolf: Thanks again for the instructions on the p/p key setup. > > -- > Knute Johnson > Molon Labe... A while back there was discussion on the list about a script that monitored /var/messages and /var/secure and would write a rule to block an IP address after "x" number of attempts to log in. I could not find the reference that I kept. You might try searching the list but the scripts were very good.
