On Tue, 18 Jul 2006 15:00:28 -0500, Michael Yep <myep@xxxxxxxxxxxxxx> opined:

>
> I have been blocking some IPs because they are brute forcing my ssh
> port. I access this server from many different places so I can't
> really just add a few hosts.
> I'm talking about 36000 attempts in a short time from some IP
> addresses

Please don't top post.

Denyhosts from extras will work. Personally, I use swatch to whack these on
the first attempt. Swatch executes a script that uses at to remove the IP from
netfilter after six hours. Swatch is perl, denyhosts is python. Other than
that, swatch offers more flexible configuration IMO.

>
> David Cary Hart wrote:
> > On Tue, 18 Jul 2006 14:24:56 -0500, Michael Yep
> > <myep@xxxxxxxxxxxxxx> opined:
> >
> >> Hello
> >>
> >> I know that the preferred way of controlling access is to use
> >> whitelists, but for my case I'd like to use IP blacklisting.
> >> Now using a script like
> >> #!/bin/bash
> >>
> >> if [ -r badips.txt ]
> >> then
> >>     # one address per line; read avoids the word splitting of `cat`
> >>     while IFS= read -r BAD_IP
> >>     do
> >>         [ -n "$BAD_IP" ] && iptables -A INPUT -s "$BAD_IP" -j DROP
> >>     done < badips.txt
> >> else
> >>     echo "Can't read badips.txt"
> >> fi
> >>
> >> I have like 96 banned IPs so far. I am wondering about the
> >> possible performance hit on my system, and the limits of
> >> iptables. What if I have thousands?
> >>
> >>
> > At some point it affects performance. There are some workarounds.
> > What problem are you trying to solve? What causes you to block an
> > IP?
> >
> >
>

--
Do NOT Send Email to <spam trap> Fedora@TQMcube,com
Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com
Don't Subsidize Criminals: http://boulderpledge.org
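An added example, not code from anyone in this thread: a ban action of the kind David describes (insert a DROP now, let at(1) remove it after six hours) together with a safer version of Michael's banlist loop that validates every address before it reaches a root command. The IPTABLES and AT variables, the file layout and the sample addresses are my assumptions; setting IPTABLES=echo AT=: lets the logic be exercised without root.

```shell
#!/bin/sh
# Added example: temporary netfilter bans with an at(1) expiry, plus a
# validated banlist loader. Dry run without root:
#   IPTABLES=echo AT=: sh ban.sh --demo
IPTABLES=${IPTABLES:-iptables}
AT=${AT:-at}
BAN_HOURS=${BAN_HOURS:-6}

# valid_ipv4 ADDR: 0 if ADDR is four dotted decimal octets in 0..255.
# Anything read from a file goes through this before reaching iptables.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# ban_ip ADDR: insert a DROP at the head of INPUT and queue its removal.
ban_ip() {
    valid_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    $IPTABLES -I INPUT -s "$1" -j DROP || return 1
    # at(1) reads the job from stdin; the delete must match the insert exactly
    printf '%s -D INPUT -s %s -j DROP\n' "$IPTABLES" "$1" | $AT now + "$BAN_HOURS" hours
}

# load_banlist FILE: ban each address in FILE (one per line; blank lines and
# '#' comments ignored); prints how many were banned.
load_banlist() {
    [ -r "$1" ] || { echo "Can't read $1" >&2; return 1; }
    count=0
    while IFS= read -r ip || [ -n "$ip" ]; do
        case $ip in ''|'#'*) continue ;; esac
        ban_ip "$ip" && count=$((count + 1))
    done < "$1"
    echo "$count"
}

# demo: a constructed sample list run through the dry-run path.
demo() {
    tmp=$(mktemp)
    printf '# constructed sample\n198.51.100.7\n\n203.0.113.9\n999.1.1.1\nnot-an-ip\n' > "$tmp"
    ( IPTABLES=echo; AT=:; load_banlist "$tmp" )
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

As a swatch action the script would be called with the offending address as its argument and ban_ip invoked on it; the loader replaces the `cat`-driven for loop so that a stray or hostile line in badips.txt cannot turn into extra iptables arguments.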