Ashley M. Kirchner wrote:
I looked around on the web and found a few different programs to do
this, so I thought I'd ask here for advice: what are people using to
automatically block incoming attacks via ssh and ftp? I'm referring to
those script kiddies who simply hit your system over and over and over
again in a very short period of time, probing both the ssh as well as
the ftp daemons trying to log in.
And related to the question, what's the best practice here, adding
them to /etc/hosts.deny or dropping the traffic with iptables?
i use sshutout for ssh .... its been good ... http://www.techfinesse.com/sshutout/sshutout.html
as for ftp .... i dont use an ftp server .... but if you are reasonably
handy you should not have much trouble modifiying sshutout to do your
ftp server as well.
cheers and beeers
|