Gentoo Archives: gentoo-security

From: Andrew Gaffney <agaffney@×××××××××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] blocking SSH probes
Date: Mon, 09 Aug 2004 01:06:41
1 I'm getting really annoyed with these SSH probes. While I don't have any weak
2 accounts, I still want to cover myself. I want to add an iptables DROP rule for
3 1 minute for any IP that has a failed login through SSH. I already have metalog
4 set to run a script which emails me whenever there is a failed login attempt
5 (I've had this for a while). Can I just add:
7 iptables -A INPUT -s $IP_OF_PROBE -j DROP # to make their scans slower
8 sleep 60s
9 iptables -D INPUT -s $IP_OF_PROBE -j DROP
11 to the end of my script? I want it at one minute in case I'm logging in via SSH
12 from a computer where I don't have keys setup and I accidentally type the wrong
13 password ;) Is there a problem with this idea?
15 --
16 Andrew Gaffney
17 Network Administrator
18 Skyline Aeronautics, LLC.
19 636-357-1548
22 --
23 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] blocking SSH probes "Lasse B. Jensen" <gymer@××××××××××××××××××.dk>
Re: [gentoo-security] blocking SSH probes Michael Schachtebeck <michael.schachtebeck@×××××××××××××××××××.de>
Re: [gentoo-security] blocking SSH probes Mans Matulewicz <cybermans@××××××.nl>
Re: [gentoo-security] blocking SSH probes Robert Zwerus <arzie@×××.nl>