List Archive: gentoo-security
To: gentoo-security@g.o
From: Jeremy Brake <gentoolists@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 12:26:34 +1300
Thanks for all the great input, guys.
There's a lot of reading to do before I can decide on the most suitable option for me, but I'll get through it all.

While I'm getting my head around everything to implement a permanent solution, what about this? (Sorry, not great with iptables just yet.)
Leave sshd listening on port 22, but firewall off everything except my trusted IPs (localhost, home, girlfriend, work subnet, internal subnet, flatmate's server).
Add an iptables rule to port forward $ambiguous_external_port through to port 22 on localhost (or, if it's safer, the 10.x.x.x IP assigned to the machine), and log the instance.
My thinking is that this would make it harder for someone to find my open ssh port, but leave me the convenience of not having to specify a port when I connect from my regular connections, dozens of times a day. Or is it just going to open up an IP spoofing exploit on port 22, and achieve practically nothing?

Presumably this would eliminate the need for my original idea of search-and-destroy on the brute-force scripts, but I'll probably look at implementing something along those lines when I get my ftpd going (I'm using SCP for everything now, but there's a need to change that), and will still look at using the idea for my permanent SSH solution.

I like the sound of SEC, the iptables "recent" option, and port knocking. Because NZ IPs are assigned from the APNIC ranges, I'm not sure how well the GEOIP patch would work, but I'll look into it. (Otherwise I would have blacklisted all of Asia already.)
I'm going to read through all the rules and scripts posted, once I've researched the available tools, and I'll go from there.

Jeremy B

Jeremy Brake wrote:

> Hey all,
> I'm looking for an app/script which can monitor for failed ssh logins, 
> and block using IPTables for $time after $number of failed logins (an 
> exclusion list would be handy as well) so that I can put a quick stop 
> to these niggly brute-force ssh "attacks" I seem to be getting more 
> and more often.
> Anyone have any ideas?
> Thanks, Jeremy B

gentoo-security@g.o mailing list
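The setup sketched in the message above (sshd left on port 22 but reachable directly only from trusted sources, an obscure external port redirected to 22 and logged), as an added example that is not code from this thread or from Gentoo; port 2222 and the addresses below are assumed for illustration. Two details matter in practice. First, after a REDIRECT in the nat table the packet reaches the filter INPUT chain with destination port 22, so the rule for the redirected path has to match on the connection's original destination port (conntrack's --ctorigdstport) rather than opening 22 to everyone. Second, the redirected port is reachable from any source, so it gets its own logging and a "recent"-based rate limit. Source-address spoofing is not a practical threat to the trusted-source rules: a spoofed source never completes the TCP handshake, so no SSH session results.

```shell
#!/bin/sh
# Added example, not from the thread: emit an iptables-restore ruleset that
#   * allows sshd on 22 only from trusted source networks,
#   * REDIRECTs an obscure external port to 22 for everyone else, logging and
#     rate-limiting those connections with the "recent" match,
#   * drops every other attempt to reach 22 directly.
# Port 2222 and the address list used at the bottom are assumptions.
# Nothing is applied here; review the output, then feed it to iptables-restore.

# gen_ruleset OBSCURE_PORT "CIDR CIDR ..."   -> ruleset on stdout
gen_ruleset() {
    port="$1"
    trusted="$2"

    # nat table: rewrite the obscure port to 22 before routing. Only the first
    # packet of a connection traverses nat; conntrack remembers the mapping.
    printf '%s\n' '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':INPUT ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        "-A PREROUTING -p tcp --dport $port -j REDIRECT --to-ports 22" \
        'COMMIT'

    # filter table: default-deny inbound, keep loopback and replies working.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # Trusted networks talk to 22 directly; no port games needed for them.
    for net in $trusted; do
        printf '%s\n' "-A INPUT -p tcp --dport 22 -s $net -j ACCEPT"
    done

    # Redirected traffic arrives here with dport 22, so distinguish it from
    # direct hits by the ORIGINAL destination port recorded by conntrack.
    alt="-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW --ctorigdstport $port"

    # Once a source has opened 4 new connections within 60 s, further ones are
    # dropped (the brute-force brake). Then record the source, log the new
    # connection (prefix makes it easy to grep the kernel log), and accept it.
    # Everything else aimed at 22 (untrusted sources on the real port) is
    # dropped explicitly, not just by the chain policy.
    printf '%s\n' \
        "$alt -m recent --name sshalt --update --seconds 60 --hitcount 4 -j DROP" \
        "$alt -m recent --name sshalt --set -j LOG --log-prefix \"SSH-ALT: \"" \
        "$alt -j ACCEPT" \
        '-A INPUT -p tcp --dport 22 -j DROP' \
        'COMMIT'
}

# Sample call with constructed addresses (RFC 5737 documentation ranges plus
# loopback and the machine's private network), standing in for the list in
# the message: localhost, home, work subnet, internal subnet.
gen_ruleset 2222 "127.0.0.1 203.0.113.5 198.51.100.0/24 10.0.0.0/8"
```

Check the generated text with `iptables-restore --test < ruleset` before applying it, and add rules for any other service the box runs, since the INPUT policy here is DROP. The trusted-source rules sit before the redirected-port rules, so a trusted client can use either port; an untrusted client only ever gets through the redirected, logged and rate-limited path.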