--snip--
> >
> > --
> > Knute Johnson
> > Molon Labe...
> A while back there was discussion on the list about a script that
> monitored /var/messages and /var/secure and would write a rule to block an IP
> address after "x" number of attempts to log in.
> I could not find the reference that I kept. You might try searching the list
> but the scripts were very good.
>

Try this http://denyhosts.sourceforge.net/

or for quick & dirty:

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name sshscans --rsource
iptables -A INPUT -m recent --rcheck --seconds 60 --hitcount 10 --name sshscans --rsource -j DROP

(thanks to david@xxxxxxxxxxxxx for that one)

--
Tony Placilla, RHCT
anthony_placilla@xxxxxxxx
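
The log-watching approach mentioned in the quoted message, as an added example that is not part of the original post and is not DenyHosts code: it counts sshd "Failed password" lines per source address in a sliding window (defaults mirror the 10 hits in 60 seconds of the rules above) and prints the DROP rules it would add. The log lines are constructed; the function names, the syslog line layout and the supplied year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout: the usual OpenSSH syslog line for a failed password attempt.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
)

def offenders(lines, hitcount=10, seconds=60, year=2024):
    """Return IPs with at least `hitcount` failed logins inside a `seconds` window."""
    window = timedelta(seconds=seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    blocked = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated daemons are ignored
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # expire attempts older than the window
            hits.popleft()
        if len(hits) >= hitcount and m["ip"] not in blocked:
            blocked.append(m["ip"])
    return blocked

def drop_rules(ips):
    """Render one DROP rule per address; rules are returned, not applied."""
    # Addresses come only from the regex capture (digits and dots), so no
    # attacker-chosen text from the log reaches the command line.
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

def sample_log():
    """Constructed log: one burst, one slow source, one successful login."""
    burst = [f"Mar  3 04:12:{i * 3:02d} host sshd[{2000 + i}]: Failed password for "
             f"invalid user admin from 203.0.113.7 port {40000 + i} ssh2" for i in range(10)]
    slow = [f"Mar  3 05:{i * 5:02d}:00 host sshd[{3000 + i}]: Failed password for "
            f"root from 198.51.100.9 port {50000 + i} ssh2" for i in range(10)]
    ok = ["Mar  3 06:00:00 host sshd[4000]: Accepted password for knute from 192.0.2.5 port 51000 ssh2"]
    return burst + slow + ok

if __name__ == "__main__":
    for rule in drop_rules(offenders(sample_log())):
        print(rule)
```

The slow source makes the same number of attempts as the burst but never reaches the threshold inside one window, which is the same trade-off the `--seconds 60 --hitcount 10` rule makes.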