Michael Yep wrote:
> I have been blocking some IPs because they are brute forcing my ssh
> port. I access this server from many different places so I can't really
> just add a few hosts.
> I'm talking about 36000 attempts in a short time from some IP addresses
>
> David Cary Hart wrote:
>> On Tue, 18 Jul 2006 14:24:56 -0500, Michael Yep <myep@xxxxxxxxxxxxxx>
>> opined:
>>
>>> Hello
>>>
>>> I know that the preferred way of controlling access is to use
>>> whitelists, but for my case I'd like to use IP blacklisting.
>>> Now using a script like
>>>
>>> #!/bin/bash
>>>
>>> if [ -f badips.txt ]
>>> then
>>>     # one address per line; read line by line and quote the
>>>     # variable so a stray entry cannot expand into extra arguments
>>>     while read -r BAD_IP
>>>     do
>>>         iptables -A INPUT -s "$BAD_IP" -j DROP
>>>     done < badips.txt
>>> else
>>>     echo "Can't read badips.txt"
>>> fi
>>>
>>> I have like 96 banned IPs so far. I am wondering about the possible
>>> performance hit on my system, and the limits of iptables.
>>> What if I have thousands?
>>>
>>>
>> At some point it affects performance. There are some workarounds.
>> What problem are you trying to solve? What causes you to block an IP?
>>
>>
>

I second the suggestion about running SSHD on a different port. It's
removed all my script kiddie attacks. See /etc/ssh/sshd_config to enable.

--
Steve
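An added example, not code from this thread, of one of the workarounds for the "what if I have thousands" case: keep the addresses in a single ipset and match the set with one iptables rule, so the per-packet cost stays constant instead of growing with every banned address. It assumes ipset and iptables are installed and that badips.txt holds one IPv4 address or CIDR per line; the set name `blacklist` and the `apply` subcommand are my own choices.

```bash
#!/bin/bash
# Added example, not code from the thread.  Assumes the ipset and
# iptables tools are installed; the set name is an arbitrary choice.
set -eu

SET_NAME=blacklist

# Turn a badips.txt-style file (one IPv4 address or CIDR per line,
# blank lines and '#' comments ignored) into an `ipset restore` script.
# Blanks are stripped, duplicates collapsed, and malformed entries are
# reported on stderr and skipped rather than turned into a bad rule.
build_ipset_restore() {
    local file=$1
    [ -r "$file" ] || { printf 'cannot read %s\n' "$file" >&2; return 1; }
    printf 'create %s hash:net family inet -exist\n' "$SET_NAME"
    grep -Ev '^[[:space:]]*(#|$)' "$file" \
      | tr -d '[:blank:]' \
      | sort -u \
      | while IFS= read -r entry; do
            if printf '%s\n' "$entry" \
                 | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
                printf 'add %s %s -exist\n' "$SET_NAME" "$entry"
            else
                printf 'skipping malformed entry: %s\n' "$entry" >&2
            fi
        done
}

# Load the set (re-runnable thanks to -exist) and attach it to INPUT
# with a single rule, added only if it is not already present.
apply_blacklist() {
    local file=$1
    build_ipset_restore "$file" | ipset restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null \
      || iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Usage (as root): ./blacklist.sh apply badips.txt
if [ "${1:-}" = apply ]; then
    apply_blacklist "${2:?usage: $0 apply badips.txt}"
fi
```

Re-running `apply` after editing badips.txt adds new entries without duplicating the iptables rule; entries removed from the file stay in the set until it is flushed or swapped.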