Steven J Lamb wrote:
> I am trying to create a script to block people using hosts.deny. I
> realize that I should just block everyone and then open access for those
> whom I know I trust, but because of the nature of our network this is not
> possible. Basically I check log files for login attempts every five
> minutes and block those that attempt to log in more than 3 times that
> day.
This is too late. An automated attack may well be completed in this
window of time.
Instead, use another port as a door-knock: when someone tries to connect
to <some port>, then allow connexions to ssh for a short time.
For an automated connexion from a remote site, something like this:
echo | nc example.com <some port>
ssh example.com
The nc command is contained in the netcat package.
I think I've seen how to implement this door knock entirely in iptables
recently, but didn't note the details.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
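One way to build the door-knock John describes with iptables, as an added example that is not from the thread or from any poster: a packet to the knock port records the sender's address with the "recent" match, and a new ssh connection is then accepted only if that address knocked within the last few seconds. The knock port (1234), the window (30 s) and the chain layout are my assumptions, not details from the thread. The script only prints the rules unless APPLY=1 is set, so it can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Door-knock for ssh using the iptables "recent" match.
# Assumed values (mine, not the poster's): knock on TCP 1234, ssh on 22,
# 30-second window. Override via environment: KNOCK_PORT, SSH_PORT, WINDOW.
# By default the rules are only printed; set APPLY=1 to really load them.

KNOCK_PORT="${KNOCK_PORT:-1234}"
SSH_PORT="${SSH_PORT:-22}"
WINDOW="${WINDOW:-30}"

# ipt: print the rule (default) or apply it (APPLY=1).
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# knock_rules emits the four INPUT rules, in the order they must be loaded.
knock_rules() {
    # 1. A packet to the knock port adds the source address to the KNOCK list
    #    and is dropped: the knocker gets no reply, which is fine for the
    #    "echo | nc example.com <port>" step shown in the thread.
    ipt -A INPUT -p tcp --dport "$KNOCK_PORT" \
        -m recent --name KNOCK --set -j DROP
    # 2. A new ssh connection is accepted only if its source address knocked
    #    within the last WINDOW seconds (--rcheck does not refresh the entry).
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name KNOCK --rcheck --seconds "$WINDOW" -j ACCEPT
    # 3. Sessions that were accepted keep working after the window closes.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # 4. Any other packet to the ssh port is dropped.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -j DROP
}

knock_rules
```

Two points worth keeping in mind when using this: the knock is a plaintext trigger, so anyone who can observe it on the wire can repeat it, which makes it a filter against automated scanning rather than a form of authentication; and rule 3 matters because without it an interactive session would be cut off once the window expires. Key-based ssh authentication should stay in place behind the knock.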