Scott van Looy wrote:
On Apr 22 Keith G. Robertson-Turner did spake thusly:
Verily I say unto thee, that Manuel Arostegui Ramirez spake thusly:
El Domingo, 22 de Abril de 2007 02:50, Keith G. Robertson-Turner
escribió:
I have hundreds off ssh attacks every day. Just make sure you have a
*very* secure password (or don't forward ssh from the router).
I also use "denyhosts" which I've found extremely useful (it's in
extras).
That plus some kind of app such as fail2ban to permit only like like
3 attemps
of login
Denyhosts already does that.
I'll check out fail2ban though, it's always nice to have alternatives.
iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
recent --set
iptables -I INPUT -p tcp --dport 22 -i $EXTIF -m state --state NEW -m \
recent --update --seconds 60 --hitcount 4 -j DROP
This'll drop anything over 4 connections from an IP within 60 seconds
- might also be of use for an SSH attack
Thanks, I will use this! I think this is simpler and better than
installing additional software like fail2ban, isn't it?
Peter
