Gentoo Archives: gentoo-security

From: Andrew Gaffney <agaffney@×××××××××××.com>
To: "Lasse B. Jensen" <gymer@××××××××××××××××××.dk>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] blocking SSH probes
Date: Mon, 09 Aug 2004 06:27:38
Message-Id: 411718A7.2030509@skylineaero.com
In Reply to: Re: [gentoo-security] blocking SSH probes by "Lasse B. Jensen"
1 Lasse B. Jensen wrote:
2 > You cannot just add the sleep function. I will only give 1 minute sleep
3 > when you initialing your firewall.
4 >
5 > The best thing you can do i to only allow certaion ips to connect to
6 > your server, fx:
7 >
8 > iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
9 > iptables -A INPUT -p tcp --dport 22 -j DROPA
10 >
11 > Which will drop alle connections to port 22 (ssh) expect connections
12 > from 192.168.0.2 (more can easily be added)
13
14 The problem with this is that I need to be able to connect from wherever I
15 happen to be when I need to connect. I have to have port 22 open to the world.
16 What I really want to prevent is the 4-10 login attempts that these script
17 kiddies make after they find a host with SSH running. I want any login failure
18 via SSH to result in a 1 minute block of the originating IP address.
19
20 --
21 Andrew Gaffney
22 Network Administrator
23 Skyline Aeronautics, LLC.
24 636-357-1548
25
26
27 --
28 gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] blocking SSH probes "Lasse B. Jensen" <gymer@××××××××××××××××××.dk>
Re: [gentoo-security] blocking SSH probes "Lasse B. Jensen" <gymer@××××××××××××××××××.dk>
Re: [gentoo-security] blocking SSH probes Heikki Levanto <heikki@×××.dk>