On Mon, 9 Aug 2004, Andrew Gaffney wrote:

> Lasse B. Jensen wrote:
>> You cannot just add the sleep function. It will only give a 1 minute sleep
>> when you are initializing your firewall.
>>
>> The best thing you can do is to only allow certain IPs to connect to your
>> server, e.g.:
>>
>> iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 22 -j DROP
>>
>> Which will drop all connections to port 22 (ssh) except connections from
>> 192.168.0.2 (more can easily be added)
>
> The problem with this is that I need to be able to connect from wherever I
> happen to be when I need to connect. I have to have port 22 open to the
> world. What I really want to prevent is the 4-10 login attempts that these
> script kiddies make after they find a host with SSH running. I want any login
> failure via SSH to result in a 1 minute block of the originating IP address.
>

Don't you have a VPN gateway which you can always connect to? Then open for
connections from the VPN and log in via the VPN. Then you can always connect
just by first connecting to the VPN.


> --
> Andrew Gaffney
> Network Administrator
> Skyline Aeronautics, LLC.
> 636-357-1548
>
>
> --
> gentoo-security@g.o mailing list
>
>

--
gentoo-security@g.o mailing list
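The behaviour Andrew asks for in the quoted part (any failed SSH login blocks the source address for one minute) is straightforward to derive from sshd's own log lines. The following is an added example written for this thread, not code posted by anyone on the list. It assumes OpenSSH's "Failed password for ... from <ip> port <port> ssh2" syslog format, uses constructed sample log lines, keeps Lasse's always-allowed host 192.168.0.2 on a never-block list so a typo'd password from the trusted box cannot lock you out, and prints the iptables commands it would run instead of executing them, so it runs offline. Note that the blocking rule is inserted with `-I` so it lands before any existing ACCEPT for port 22, and the later `-D` must repeat the exact same rule specification to remove it.

```python
"""Turn sshd 'Failed password' lines into 1-minute per-IP DROP rules.

Added example for the gentoo-security thread; not code from the list.
Assumptions: OpenSSH/syslog log format, syslog year omitted (ASSUMED_YEAR),
and iptables commands are returned as strings rather than executed.
"""
import re
from datetime import datetime, timedelta

# Constructed sample auth.log lines (not real traffic).
SAMPLE_LOG = """\
Aug  9 12:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40123 ssh2
Aug  9 12:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 40124 ssh2
Aug  9 12:00:10 host sshd[1003]: Accepted publickey for andrew from 192.168.0.2 port 50000 ssh2
Aug  9 12:00:20 host sshd[1004]: Failed password for andrew from 192.168.0.2 port 50001 ssh2
Aug  9 12:01:30 host sshd[1005]: Failed password for invalid user test from 198.51.100.7 port 41000 ssh2
Aug  9 12:02:00 host sshd[1006]: Failed password for root from 203.0.113.5 port 40125 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

BLOCK_SECONDS = 60             # the 1-minute block Andrew asked for
ASSUMED_YEAR = 2004            # syslog timestamps carry no year (assumption)
NEVER_BLOCK = {"192.168.0.2"}  # trusted host from Lasse's rule; never lock it out


def parse_ts(text, year=ASSUMED_YEAR):
    """Parse a syslog timestamp such as 'Aug  9 12:00:01' into a datetime."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def parse_failures(log_text, year=ASSUMED_YEAR):
    """Return [(timestamp, ip), ...] for every 'Failed password' line."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures.append((parse_ts(m["ts"], year), m["ip"]))
    return failures


def block_expiries(failures, block_seconds=BLOCK_SECONDS, never_block=NEVER_BLOCK):
    """Map ip -> time its block expires. Failures are sorted by time, so the
    last failure per IP wins: each new failure restarts the 1-minute window."""
    window = timedelta(seconds=block_seconds)
    return {ip: ts + window for ts, ip in sorted(failures) if ip not in never_block}


def blocked_at(failures, now, **kw):
    """IPs that are blocked at time `now`, considering only failures up to `now`."""
    seen = [f for f in failures if f[0] <= now]
    return {ip for ip, exp in block_expiries(seen, **kw).items() if now < exp}


def iptables_rule(ip, insert=True):
    """DROP rule for ip on port 22. -I puts it ahead of any ACCEPT; the -D form
    (insert=False) must match the rule spec exactly to remove it again."""
    flag = "-I" if insert else "-D"
    return f"iptables {flag} INPUT -p tcp --dport 22 -s {ip} -j DROP"


def schedule(failures, block_seconds=BLOCK_SECONDS, never_block=NEVER_BLOCK):
    """Time-ordered (time, command) list: a DROP inserted at the first failure
    of a window, its removal when the window ends. Failures inside an open
    window only push the removal out; a failure after expiry starts a new one."""
    window = timedelta(seconds=block_seconds)
    events, expiry = [], {}
    for ts, ip in sorted(failures):
        if ip in never_block:
            continue
        if ip in expiry and expiry[ip] <= ts:        # previous window already over
            events.append((expiry.pop(ip), iptables_rule(ip, insert=False)))
        if ip not in expiry:                          # open a new window
            events.append((ts, iptables_rule(ip, insert=True)))
        expiry[ip] = ts + window
    events.extend((exp, iptables_rule(ip, insert=False)) for ip, exp in expiry.items())
    events.sort(key=lambda e: e[0])                   # stable: unblock before re-block
    return events


if __name__ == "__main__":
    for when, cmd in schedule(parse_failures(SAMPLE_LOG)):
        print(when.strftime("%H:%M:%S"), cmd)
```

In practice a small daemon tailing the auth log would execute the `-I` command immediately and run the matching `-D` after the window, which is what the schedule models; the never-block list is the safety valve, since a single mistyped password from your own workstation would otherwise cut you off for a minute.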