Lasse B. Jensen wrote:
> You cannot just add the sleep function. It will only give a 1 minute sleep
> when you are initializing your firewall.
>
> The best thing you can do is to only allow certain IPs to connect to
> your server, e.g.:
>
> iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j DROP
>
> Which will drop all connections to port 22 (ssh) except connections
> from 192.168.0.2 (more can easily be added)

The problem with this is that I need to be able to connect from wherever I
happen to be when I need to connect. I have to have port 22 open to the world.
What I really want to prevent is the 4-10 login attempts that these script
kiddies make after they find a host with SSH running. I want any login failure
via SSH to result in a 1 minute block of the originating IP address.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548


--
gentoo-security@g.o mailing list
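The behaviour Andrew asks for above (block the source address for one minute after a failed SSH login, while leaving port 22 open to everyone else) is what a small log watcher in front of iptables can do. The script below is an added example written for this thread, not code from either poster. It assumes the default OpenSSH syslog line format ("Failed password for ... from A.B.C.D" / "Invalid user ... from A.B.C.D"), that blocking and unblocking are done with a per-address `iptables -I INPUT ... -j DROP` rule and its matching `-D`, and that the file is saved as the hypothetical name `sshblock.py`. The sample log lines are constructed with TEST-NET addresses, and the clock is injectable so the expiry logic can be exercised without waiting a minute.

```python
import re
import subprocess
import sys
import time

BLOCK_SECONDS = 60           # the one-minute block asked for in the post
FAILURES_BEFORE_BLOCK = 1    # block on the first failure, as the post wants

# Assumed input: OpenSSH's default syslog lines for failed logins.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_failure(line):
    """Return the source IP of a failed-login line, or None for anything else."""
    m = FAIL_RE.search(line)
    return m.group("ip") if m else None

def block_rule(ip, action="-I"):
    """iptables command that blocks (-I) or unblocks (-D) SSH from one address.
    -I puts the rule at the top of INPUT so it wins over an earlier ACCEPT."""
    return ["iptables", action, "INPUT", "-s", ip, "-p", "tcp", "--dport", "22", "-j", "DROP"]

class Blocker:
    def __init__(self, apply=False, now=time.time):
        self.apply = apply        # False = dry run, only record the commands
        self.now = now            # injectable clock so expiry is testable
        self.failures = {}        # ip -> failures seen while not blocked
        self.blocked = {}         # ip -> unix time at which to remove the rule
        self.commands = []        # every iptables command issued, in order

    def _run(self, cmd):
        self.commands.append(cmd)
        if self.apply:
            subprocess.run(cmd, check=True)

    def expire(self):
        """Remove rules whose minute has elapsed; returns the IPs unblocked."""
        t = self.now()
        done = [ip for ip, until in self.blocked.items() if until <= t]
        for ip in done:
            self._run(block_rule(ip, "-D"))
            del self.blocked[ip]
        return done

    def feed(self, line):
        """Process one log line; returns the IP if it was just blocked, else None."""
        self.expire()
        ip = parse_failure(line)
        if ip is None or ip in self.blocked:
            return None           # not a failure, or already blocked (no duplicate rule)
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < FAILURES_BEFORE_BLOCK:
            return None
        del self.failures[ip]
        self._run(block_rule(ip, "-I"))
        self.blocked[ip] = self.now() + BLOCK_SECONDS
        return ip

# Constructed sample log lines (TEST-NET addresses), not real traffic.
SAMPLE_LINES = [
    "Mar  3 10:15:22 host sshd[1234]: Failed password for root from 203.0.113.5 port 4321 ssh2",
    "Mar  3 10:15:23 host sshd[1234]: Failed password for root from 203.0.113.5 port 4321 ssh2",
    "Mar  3 10:15:30 host sshd[1240]: Accepted publickey for andrew from 198.51.100.9 port 50222 ssh2",
    "Mar  3 10:15:41 host sshd[1251]: Invalid user admin from 203.0.113.7 port 5555",
]

def simulate(lines=SAMPLE_LINES, step=1.0):
    """Dry-run the sample with a fake clock; returns (newly_blocked_ips, commands_issued)."""
    clock = [1000.0]
    b = Blocker(apply=False, now=lambda: clock[0])
    newly_blocked = []
    for line in lines:
        ip = b.feed(line)
        if ip:
            newly_blocked.append(ip)
        clock[0] += step
    clock[0] += BLOCK_SECONDS     # let every block run out, so the -D rules are issued
    b.expire()
    return newly_blocked, b.commands

if __name__ == "__main__":
    # Real use (needs root):  tail -F /var/log/auth.log | python3 sshblock.py --apply
    b = Blocker(apply="--apply" in sys.argv)
    for line in sys.stdin:
        ip = b.feed(line)
        if ip:
            print("blocked", ip, "for", BLOCK_SECONDS, "seconds")
```

Two things to keep in mind if you run something like this for real: the stdin loop only checks for expired blocks when a new log line arrives, so a daemon should also call `expire()` from a timer, and a watcher that blocks on a single failure will lock you out for a minute the first time you mistype your own password from a new location, which is why the threshold is a constant rather than hard-coded. The kernel-side alternative that needs no log parsing is iptables' `recent` match module, which can drop new connections from an address that exceeds a hit count within a time window; it counts connections rather than login failures, so it fits the "4-10 attempts" pattern above rather than the "any login failure" wording.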