On Apr 22 Keith G. Robertson-Turner did spake thusly:
Verily I say unto thee, that Manuel Arostegui Ramirez spake thusly:
El Domingo, 22 de Abril de 2007 02:50, Keith G. Robertson-Turner escribió:
I have hundreds off ssh attacks every day. Just make sure you have a
*very* secure password (or don't forward ssh from the router).
I also use "denyhosts" which I've found extremely useful (it's in extras).
That plus some kind of app such as fail2ban to permit only like like 3 attemps
of login
Denyhosts already does that.
I'll check out fail2ban though, it's always nice to have alternatives.
iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
recent --set
iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
recent --update --seconds 60 --hitcount 4 -j DROP
This'll drop anything over 4 connections from an IP within 60 seconds -
might also be of use for an SSH attack
--
Scott van Looy - email:me@xxxxxxxxxxxxxx | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74 802C 7CF9 E526 44D9 D4A7
-------------------------------------------
|/// /// /// /// WIDE LOAD /// /// /// ///|
-------------------------------------------
Paralysis through analysis.
