| From: Jeff Vian <jvian10@xxxxxxxxxxx>
| On Sat, 2006-06-24 at 12:57 -0600, Philip Prindeville wrote:
| > I got tired of people running FTP password attacks on my machine from
| > China, Korea, Thailand, etc. so I came up with the following change:

My ssh servers get similarly bothered.

| I would think that the better approach would be the ability to do the
| same in iptables which already exists and works well. If the settings
| are not configurable by the administrator it can be a major pain.
| Multiple layers of security are better however.

My (naive) preference would be a PAM module. The hammering I get is at the
authentication (login) stage and I hope everything taking logins is
PAMified. I don't know if PAM can be stateful, so I don't know if it is
actually possible. IPtables seems to me to be at too low a level.

Having said that, I have a script that I use to manually ban IP addresses
when they bother me:

#!/bin/sh
# ban an IP address. Stupid hackers.
# synopsis: ban-ip ip reason
set -u
ip=$1
# Refuse anything that is not a dotted quad before it reaches iptables.
if ! expr match "$ip" '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null
then
    echo "$0: malformed IP address $ip"
    exit 1
fi
# Record when and why the address was banned, then drop its traffic.
echo "`date --iso-8601=minutes`: $*" >>~/BAN-LOG
/sbin/iptables -I INPUT 1 -s "$ip" -j DROP
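The stateful "ban after N failures" step that the manual script leaves to the administrator, as an added example that is not the poster's code: it counts sshd "Failed password" lines per source address over a constructed log sample (the 192.0.2.x/198.51.100.x addresses and the log lines are made up) and prints, as a dry run, the same DROP rule the script above would insert.

```shell
#!/bin/sh
# Added example: aggregate failed SSH logins per source address from an
# auth log and emit the matching iptables DROP rule for review (dry run).
# Assumes the sshd "Failed password for ... from A.B.C.D port N ssh2" format.

# Constructed sample log lines standing in for /var/log/secure.
SAMPLE_LOG='Jun 24 12:57:01 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Jun 24 12:57:03 host sshd[1002]: Failed password for invalid user oracle from 192.0.2.10 port 4002 ssh2
Jun 24 12:57:05 host sshd[1003]: Failed password for root from 192.0.2.10 port 4003 ssh2
Jun 24 12:57:07 host sshd[1004]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Jun 24 12:57:09 host sshd[1005]: Accepted publickey for alice from 203.0.113.5 port 6001 ssh2
Jun 24 12:57:11 host sshd[1006]: Failed password for invalid user test from 192.0.2.10 port 4004 ssh2'

# Read log text on stdin; print "count ip" for every source with at least
# $1 failures (default 3), most failures first. Only dotted-quad addresses
# are accepted, mirroring the check the manual ban script performs.
failing_sources() {
    threshold=${1:-3}
    awk -v min="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++)
                if ($i == "from" && $(i+1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                    n[$(i+1)]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' | sort -rn
}

# Dry run: print the rule that would be inserted for each offender instead
# of executing it, so the list can be reviewed before any address is dropped.
ban_commands() {
    printf '%s\n' "$SAMPLE_LOG" | failing_sources "$1" | while read -r count ip; do
        printf '/sbin/iptables -I INPUT 1 -s %s -j DROP  # %s failures\n' "$ip" "$count"
    done
}

ban_commands 3
```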