On Wed, 16 Aug 2006, Ashley M. Kirchner wrote:

> I looked around on the web and found a few different programs to do this,
> so I thought I'd ask here for advice: what are people using to automatically
> block incoming attacks via ssh and ftp? I'm referring to those script
> kiddies who simply hit your system over and over and over again in a very
> short period of time, probing both the ssh as well as the ftp daemons trying
> to log in.
>
> And related to the question, what's the best practice here, adding them to
> /etc/hosts.deny or dropping the traffic with iptables?

I have been using the denyhosts package from extras. (For the SSH
traffic.) Seems to work pretty well. I have not tried modifying it for
ftp.
There are a number of programs that all do similar blocking. Some are
iptables, some are hosts.deny. A search on freshmeat.net will probably
give you a good starting list.
--
"I want to live just long enough to see them cut off Darl's head and
stick it on a pike as a reminder to the next ten generations that some
things come at too high a price. I would look up into his beady eyes and
wave, like this... (*wave*!). Can your associates arrange that for me,
Mr. McBride?"
- Vir "Flounder" Kotto, Sr. VP, IBM Empire.
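
The two options raised in this thread, /etc/hosts.deny and iptables, shown side by side as an added example (not part of the original message and not the denyhosts code). The log lines are constructed, and the threshold, window and function names are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the classic sshd syslog format (not from a real host).
SAMPLE_LOG = """\
Aug 16 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 4021 ssh2
Aug 16 03:12:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Aug 16 03:12:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
Aug 16 03:12:06 host sshd[2107]: Failed password for root from 203.0.113.7 port 4024 ssh2
Aug 16 03:12:08 host sshd[2109]: Failed password for root from 203.0.113.7 port 4025 ssh2
Aug 16 09:30:00 host sshd[3001]: Failed password for alice from 198.51.100.20 port 5110 ssh2
Aug 16 09:30:20 host sshd[3001]: Accepted password for alice from 198.51.100.20 port 5110 ssh2
Aug 16 11:00:00 host sshd[3300]: Failed password for bob from 192.0.2.44 port 6001 ssh2
Aug 16 14:00:00 host sshd[3400]: Failed password for bob from 192.0.2.44 port 6002 ssh2
"""

# Anchored at both ends: the address is taken from the tail that sshd itself
# appends, never from the remote-supplied user name field.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def offenders(log_text, threshold=5, window=timedelta(minutes=1), year=2006):
    """Return source IPs with >= threshold failures inside any sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    blocked = []                  # ordered by the moment the threshold was hit
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m.group(2) not in blocked:
            blocked.append(m.group(2))
    return blocked

def hosts_deny_lines(ips):
    """TCP-wrappers entries: sshd still accepts the TCP connection, then refuses it."""
    return [f"sshd: {ip}" for ip in ips]

def iptables_rules(ips):
    """Packet-filter rules: traffic is dropped before it reaches the daemon."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]
```

Calling offenders(SAMPLE_LOG) flags only the burst from 203.0.113.7; the user who mistyped a password once and the host with two failures hours apart stay under the threshold.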