Verily I say unto thee, that Scott van Looy spake thusly:

> On Apr 22 Keith G. Robertson-Turner did spake thusly:
>
>> Verily I say unto thee, that Manuel Arostegui Ramirez spake thusly:
>>> On Sunday, 22 April 2007 02:50, Keith G. Robertson-Turner
>>> wrote:
>>
>>>> I have hundreds of ssh attacks every day. Just make sure you have a
>>>> *very* secure password (or don't forward ssh from the router).
>>>>
>>>> I also use "denyhosts" which I've found extremely useful (it's in
>>>> extras).
>>
>>> That plus some kind of app such as fail2ban to permit only like
>>> 3 attempts
>>> of login
>>
>> Denyhosts already does that.
>>
>> I'll check out fail2ban though, it's always nice to have alternatives.
>
> iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
> recent --set
> iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
> recent --update --seconds 60 --hitcount 4 -j DROP
>
> This'll drop anything over 4 connections from an IP within 60 seconds -
> might also be of use for an SSH attack

Good tip. However, denyhosts is primarily used for failed *logins* (no
such user, wrong password, etc.), rather than the above, which is really
DDoS protection. My router already handles the DDoS stuff.

--
K.
http://slated.org

.----
| I found [Vista] to be a dangerously unstable operating system,
| which has caused me to lose data ... unfortunately this product
| is unfit for any user. - [H]ardOCP, <http://tinyurl.com/3bpfs2>
`----

Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.20-1.2312.fc5
22:38:21 up 6 days, 20:10, 2 users, load average: 0.46, 0.48, 0.34
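To make the distinction in the thread concrete, here is an added example (not from any poster, denyhosts, fail2ban or iptables) that runs both policies over constructed sshd log lines: a denyhosts-style count of failed logins, and a model of the iptables `recent` rule, which counts new connections per source regardless of whether the login succeeds. The log text, hosts and the 3-failure threshold are assumptions; using the auth log as a stand-in for SYN arrivals is a simplification.

```python
"""Failed-login blocking (denyhosts/fail2ban style) versus connection-rate
limiting (the iptables 'recent' rule), run over constructed sshd log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the syslog format sshd writes; hosts are made up.
AUTH_LOG = """\
Apr 22 22:01:03 sky sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 4411 ssh2
Apr 22 22:05:10 sky sshd[4102]: Failed password for root from 203.0.113.5 port 4412 ssh2
Apr 22 22:09:44 sky sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 4413 ssh2
Apr 22 22:10:00 sky sshd[4104]: Accepted publickey for keith from 198.51.100.7 port 50001 ssh2
Apr 22 22:10:05 sky sshd[4105]: Accepted publickey for keith from 198.51.100.7 port 50002 ssh2
Apr 22 22:10:09 sky sshd[4106]: Accepted publickey for keith from 198.51.100.7 port 50003 ssh2
Apr 22 22:10:20 sky sshd[4107]: Accepted publickey for keith from 198.51.100.7 port 50004 ssh2
Apr 22 22:10:31 sky sshd[4108]: Accepted publickey for keith from 198.51.100.7 port 50005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?\S+ "
    r"from (?P<ip>[\d.]+) port \d+")

def parse(log):
    """Yield (timestamp, source ip, failed?) per sshd auth line; year assumed 2007."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime("2007 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["result"].startswith("Failed")

def failed_login_blocks(log, max_failures=3):
    """denyhosts-style: block a source after max_failures failed logins, at any rate."""
    fails = defaultdict(int)
    for _, ip, failed in parse(log):
        if failed:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= max_failures}

def rate_limit_blocks(log, window_s=60, hitcount=4):
    """Model of '-m recent --update --seconds 60 --hitcount 4 -j DROP': earlier
    hits inside the window are counted before this connection is recorded, so
    the 5th connection in 60 s is dropped ("anything over 4"), login outcome aside."""
    seen, blocked = defaultdict(deque), set()
    for ts, ip, _ in parse(log):
        q = seen[ip]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()                      # expire hits older than the window
        if len(q) >= hitcount:
            blocked.add(ip)                  # would be DROPped by the rule
        q.append(ts)                         # --set / --update records this hit
    return blocked
```

The slow password guesser is caught only by the failed-login count, while the legitimate user who opens five sessions in half a minute trips only the rate rule.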