| 1 |
I'm getting really annoyed with these SSH probes. While I don't have any weak |
| 2 |
accounts, I still want to cover myself. I want to add an iptables DROP rule for |
| 3 |
1 minute for any IP that has a failed login through SSH. I already have metalog |
| 4 |
set to run a script which emails me whenever there is a failed login attempt |
| 5 |
(I've had this for a while). Can I just add: |
| 6 |
|
| 7 |
iptables -A INPUT -s $IP_OF_PROBE -j DROP # to make their scans slower |
| 8 |
sleep 60s |
| 9 |
iptables -D INPUT -s $IP_OF_PROBE -j DROP |
| 10 |
|
| 11 |
to the end of my script? I want it at one minute in case I'm logging in via SSH |
| 12 |
from a computer where I don't have keys setup and I accidentally type the wrong |
| 13 |
password ;) Is there a problem with this idea? |
| 14 |
|
| 15 |
-- |
| 16 |
Andrew Gaffney |
| 17 |
Network Administrator |
| 18 |
Skyline Aeronautics, LLC. |
| 19 |
636-357-1548 |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-security@g.o mailing list |
Archives