Gentoo Archives: gentoo-security

From: Jerry Eastmanhouser <×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Mon, 31 Oct 2011 03:55:52
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by Christophe Garault

I've been getting hit with similar brute force attacks... usually from Korea or China... anyway, like the several options listed above, I think the less fancy you secure your box the better.

Really, if you want to be able to log in from any number of remote clients like me, the best thing to do is simply change your sshd port. I did that and it solved the problem rather quickly with little disruption to myself... I don't want to have a key to log in with when I travel.

An option that I considered that nobody mentioned yet is leaving port 22 closed completely and then using port knocking to open up the port for 20 seconds or so on your IP (however long you need to log onto the system). The port opens long enough for you to establish a connection and then closes automatically to any new connections, but still allows established traffic through.

Clever idea and pretty simple to implement... just google for it... I think there is a Gentoo wiki howto on it as well.


On 10/3/05, Christophe Garault <christophe@×××××××.org> wrote:
> Jeremy Brake wrote:
>
> > Hey all,
> >
> > I'm looking for an app/script which can monitor for failed ssh logins,
> > and block using IPTables for $time after $number of failed logins (an
> > exclusion list would be handy as well) so that I can put a quick stop to
> > these niggly brute-force ssh "attacks" I seem to be getting more and
> > more often.
> >
> > Anyone have any ideas?
>
> Yep: emerge fail2ban (
> It's an excellent script written in python that can monitor all
> unsuccessful logins (ssh, apache)
> There's a fail2ban.conf file where you can define many options to
> protect you from a DoS.
>
> > Thanks, Jeremy B
>
> Have a nice day.
>
> --
> Christophe Garault
> --
> gentoo-security@g.o mailing list
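
Added example, not part of the original thread and not fail2ban's own code: a sketch of the "$number of failed logins, block for $time, with an exclusion list" logic asked about in the quoted question. The log lines are constructed, and the function names, the window parameter and the year default are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines (documentation-range addresses), not real traffic.
# The fourth line carries a username crafted to look like "from <other IP>".
SAMPLE_LOG = """\
Oct 31 03:10:01 host sshd[901]: Failed password for root from 203.0.113.5 port 4001 ssh2
Oct 31 03:10:03 host sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Oct 31 03:10:04 host sshd[903]: Failed password for jerry from 198.51.100.7 port 5001 ssh2
Oct 31 03:10:06 host sshd[904]: Failed password for invalid user x from 192.0.2.9 port 1 ssh2 from 203.0.113.5 port 4003 ssh2
Oct 31 03:10:07 host sshd[905]: Failed password for jerry from 198.51.100.7 port 5002 ssh2
Oct 31 03:10:08 host sshd[906]: Failed password for jerry from 198.51.100.7 port 5003 ssh2
Oct 31 03:25:00 host sshd[907]: Failed password for root from 192.0.2.9 port 6001 ssh2
Oct 31 03:40:00 host sshd[908]: Failed password for root from 192.0.2.9 port 6002 ssh2
"""

# Greedy ".*" plus the end anchor means only the LAST "from <ip> port N ssh2" is
# trusted, so text an attacker places in the username cannot pick the banned address.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r".* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def find_bans(log_text, max_failures=3, window=timedelta(minutes=10),
              ban_time=timedelta(hours=1), exclude=frozenset(), year=2011):
    """Return {ip: ban_expiry} for IPs with max_failures failures inside window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in exclude:  # exclusion list: never ban these
            continue
        ip = m.group(2)
        # syslog timestamps carry no year; `year` is an assumption from the caller
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ip in bans and when < bans[ip]:
            continue  # already banned, nothing more to count
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            bans[ip] = when + ban_time
            q.clear()
    return bans

def iptables_rules(bans):
    """Render one DROP rule per banned IP for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in sorted(bans)]
```

The returned expiry time is what a scheduler would use to remove the rule again once $time has passed.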