I'm getting really annoyed with these SSH probes. While I don't have any weak
accounts, I still want to cover myself. I want to add an iptables DROP rule for
1 minute for any IP that has a failed login through SSH. I already have metalog
set to run a script which emails me whenever there is a failed login attempt
(I've had this for a while). Can I just add:

iptables -A INPUT -s "$IP_OF_PROBE" -j DROP   # to make their scans slower
sleep 60s
iptables -D INPUT -s "$IP_OF_PROBE" -j DROP   # lift the block again after a minute

to the end of my script? I want it at one minute in case I'm logging in via SSH
from a computer where I don't have keys set up and I accidentally type the wrong
password ;) Is there a problem with this idea?

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548


--
gentoo-security@g.o mailing list
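Added example (not part of Andrew's message, and not metalog's or Gentoo's own code): a POSIX sh log handler that does what the question describes. It assumes metalog hands the log message to the handler as its command-line arguments (an assumption; adjust the entry point if your metalog passes it differently), uses a hypothetical dedicated chain named SSH_PROBE that INPUT jumps to at position 1, so the temporary DROP is consulted before any existing ACCEPT for port 22 (a rule appended to INPUT with -A lands after such an ACCEPT and never matches), and runs the timed removal in a background subshell so the handler returns to metalog at once. The sshd log line in the comments is constructed.

```sh
#!/bin/sh
# Added example, not from the original post: block the source address of a
# failed sshd login for BLOCK_SECONDS, then remove the rule again.
# Assumes metalog passes the log message as this script's arguments.

IPTABLES=${IPTABLES:-iptables}     # set to "echo iptables" for a dry run
CHAIN=${CHAIN:-SSH_PROBE}          # hypothetical dedicated chain name
BLOCK_SECONDS=${BLOCK_SECONDS:-60}

# Pull the client address out of a line such as (constructed sample):
#   Nov  3 01:02:03 host sshd[1234]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
# Prints the address and returns 0; prints nothing and returns 1 when the line
# is not a "Failed password" line or the address is not an IPv4 dotted quad.
extract_ip() {
    ip=$(printf '%s\n' "$1" |
         sed -n 's/.*Failed password for .* from \([0-9][0-9.]*\) port [0-9]*.*/\1/p')
    case "$ip" in
        '' | *[!0-9.]* ) return 1 ;;   # empty, or characters that are not digits/dots
        *.*.*.* ) ;;                   # dotted quad shape
        * ) return 1 ;;
    esac
    printf '%s\n' "$ip"
}

# One-time setup, run from your firewall init script rather than from the
# log handler: create the chain and make INPUT consult it first, ahead of
# any rule that ACCEPTs port 22.
setup_chain() {
    $IPTABLES -N "$CHAIN"
    $IPTABLES -I INPUT 1 -j "$CHAIN"
}

# Drop traffic from $1 now and delete the rule after BLOCK_SECONDS. The
# delete runs in the background so this function returns immediately.
block_for_a_while() {
    $IPTABLES -I "$CHAIN" 1 -s "$1" -j DROP
    ( sleep "$BLOCK_SECONDS"; $IPTABLES -D "$CHAIN" -s "$1" -j DROP ) &
}

# Handler entry point: the log message arrives as the argument list.
handle_log_line() {
    ip=$(extract_ip "$*") || return 0   # not a failed-login line: nothing to do
    block_for_a_while "$ip"
}

# Only act when invoked with a log line, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    handle_log_line "$@"
fi
```

Dry run it with `IPTABLES="echo iptables" ./handler.sh 'sshd[1234]: Failed password for root from 203.0.113.45 port 51122 ssh2'` to see the two iptables commands it would issue; the one-minute timer is the same one the post wants, so a mistyped password from a box without keys only costs a minute of waiting.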