Gentoo Archives: gentoo-security

From: "Lasse B. Jensen" <gymer@××××××××××××××××××.dk>
To: Andrew Gaffney <agaffney@×××××××××××.com>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] blocking SSH probes
Date: Mon, 09 Aug 2004 06:55:04
Message-Id: Pine.LNX.4.60.0408090852430.29218@sutsko.kollegie.dk
In Reply to: Re: [gentoo-security] blocking SSH probes by Andrew Gaffney
On Mon, 9 Aug 2004, Andrew Gaffney wrote:

> Lasse B. Jensen wrote:
>> You cannot just add the sleep function. It will only give a 1 minute sleep
>> when you initialize your firewall.
>>
>> The best thing you can do is to only allow certain IPs to connect to your
>> server, e.g.:
>>
>> iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 22 -j DROP
>>
>> Which will drop all connections to port 22 (ssh) except connections from
>> 192.168.0.2 (more can easily be added)
>
> The problem with this is that I need to be able to connect from wherever I
> happen to be when I need to connect. I have to have port 22 open to the
> world. What I really want to prevent is the 4-10 login attempts that these
> script kiddies make after they find a host with SSH running. I want any login
> failure via SSH to result in a 1 minute block of the originating IP address.
>

Don't you have a VPN gateway which you can always connect to? Then open for
connections from the VPN and log in via the VPN. Then you can always connect
just by first connecting to the VPN.


> --
> Andrew Gaffney
> Network Administrator
> Skyline Aeronautics, LLC.
> 636-357-1548
>
>
--
gentoo-security@g.o mailing list
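Added example, not part of the thread or of any tool the posters mention: a small Python sketch of the two approaches discussed above. It generates the allowlist rules Lasse proposes (ACCEPT listed sources on port 22, then DROP the rest), and it implements the behaviour Andrew asks for, a one minute per-IP block of port 22 that is (re)started by each failed SSH login and lifted again when it lapses, while never blocking an allowlisted source such as the VPN address. The sshd log lines, hostnames and addresses are constructed for the example; the year is assumed because syslog lines carry none; the iptables commands are returned as strings so the logic can be inspected and tested without touching a real firewall.

```python
"""Temporary per-IP blocking of failed SSH logins, plus allowlist rule generation.

Added example for the gentoo-security thread; constructed inputs, commands are
returned as strings and never executed."""
import re
from datetime import datetime, timedelta

# Classic OpenSSH failure line (constructed format, matches real sshd output):
# "Aug  9 06:55:04 host sshd[1234]: Failed password for invalid user test from 203.0.113.5 port 4321 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

BLOCK_SECONDS = 60   # assumption: one minute per failure, as Andrew requested
LOG_YEAR = 2004      # assumption: syslog timestamps carry no year


def parse_ts(text):
    """Turn a syslog timestamp such as 'Aug  9 06:55:04' into a datetime."""
    return datetime.strptime(f"{LOG_YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse_failures(lines):
    """Yield (timestamp, ip) for each failed-password line; other lines are ignored."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            yield parse_ts(m["ts"]), m["ip"]


class TempBlocker:
    """Track per-IP block expiry; every failure (re)starts a BLOCK_SECONDS block."""

    def __init__(self, allowlist=()):
        self.allowlist = set(allowlist)   # sources that are never blocked (e.g. the VPN)
        self.blocked_until = {}           # ip -> datetime when the block lapses
        self.commands = []                # every iptables command we would have run

    def record_failure(self, ts, ip):
        """Start or extend the block for ip; return the DROP command if newly added."""
        if ip in self.allowlist:
            return None
        new_block = ip not in self.blocked_until or self.blocked_until[ip] <= ts
        self.blocked_until[ip] = ts + timedelta(seconds=BLOCK_SECONDS)
        if new_block:
            cmd = f"iptables -I INPUT -p tcp --dport 22 -s {ip} -j DROP"
            self.commands.append(cmd)
            return cmd
        return None

    def expire(self, now):
        """Remove blocks that have lapsed; return the matching delete commands."""
        cmds = []
        for ip, until in list(self.blocked_until.items()):
            if until <= now:
                del self.blocked_until[ip]
                cmds.append(f"iptables -D INPUT -p tcp --dport 22 -s {ip} -j DROP")
        self.commands.extend(cmds)
        return cmds

    def active(self, now):
        """IPs still blocked at time now, sorted for stable output."""
        return sorted(ip for ip, until in self.blocked_until.items() if until > now)


def allowlist_rules(ips):
    """Lasse's approach: accept the listed sources on port 22, drop everything else."""
    rules = [f"iptables -A INPUT -p tcp --dport 22 -s {ip} -j ACCEPT" for ip in ips]
    rules.append("iptables -A INPUT -p tcp --dport 22 -j DROP")
    return rules


# Constructed sample log: one scanner retrying, one trusted host that also fumbles once.
SAMPLE_LOG = [
    "Aug  9 06:55:04 sutsko sshd[29218]: Failed password for invalid user test from 203.0.113.5 port 4321 ssh2",
    "Aug  9 06:55:06 sutsko sshd[29219]: Failed password for root from 203.0.113.5 port 4322 ssh2",
    "Aug  9 06:55:30 sutsko sshd[29220]: Accepted publickey for lasse from 192.168.0.2 port 5000 ssh2",
    "Aug  9 06:56:10 sutsko sshd[29221]: Failed password for lasse from 192.168.0.2 port 5001 ssh2",
    "Aug  9 06:57:00 sutsko sshd[29222]: Failed password for invalid user admin from 203.0.113.5 port 4323 ssh2",
]


def run(lines=SAMPLE_LOG, allowlist=("192.168.0.2",)):
    """Replay the log in order, expiring lapsed blocks before handling each failure."""
    blocker = TempBlocker(allowlist)
    for ts, ip in parse_failures(lines):
        blocker.expire(ts)
        blocker.record_failure(ts, ip)
    return blocker


if __name__ == "__main__":
    for rule in allowlist_rules(["192.168.0.2"]):
        print(rule)
    for cmd in run().commands:
        print(cmd)
```

Replaying the constructed log, the scanner at 203.0.113.5 is blocked at 06:55:04, its second attempt two seconds later only extends the block, the block is removed when the trusted host's event arrives at 06:56:10 (more than a minute later), and the scanner's third attempt at 06:57:00 starts a fresh block. The trusted host's own failed password never produces a rule because it is allowlisted, which is the property Lasse's VPN suggestion relies on: whichever address you always arrive from must stay reachable even when you mistype a password.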