On Sun, Apr 01, 2007 at 04:03:48PM +0300, Daniel Iliev wrote:
> Hi, guys
>
> Recently I was looking through my logs when I got pissed off (again) by
> the big number of lines showing something like 'sshd: auth. error:
> unknown user "XXX" from "some IP address"'. I wrote a script which
> automatically sets all connections from those IP addresses to be
> dropped. Next I decided to change "-j DROP" with "-j TARPIT" and I
> realized that gentoo-sources doesn't provide the netfilter target "TARPIT".
|
Instead of using iptables, you may want to try DenyHosts
(app-admin/denyhosts). It's a simple Python script that parses through
/var/log/secure (or whatever your sshd logs to) and finds IPs who have
failed authentication a certain number of times, then adds those IPs to
/etc/hosts.deny. Naturally, the threshold for blocking a host can be
configured, and many other options can too. It's worked great for me,
and I've used it for about half a year now.
|
The website for the DenyHosts project is:
http://denyhosts.sourceforge.net/
|
I hope that I read your question right and that this will help.
|
Ryan Curtin
ryan@××××××××××××.com
|
--
<www.igglybob.com>
--
gentoo-user@g.o mailing list
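
Added example, not part of the original message and not DenyHosts' own code: a sketch of the approach described in the reply above (count failed sshd logins per source address, then emit /etc/hosts.deny lines once a threshold is reached). The log lines are constructed in the usual OpenSSH syslog style, and the function names, the threshold of 3, the allow list and the IPv4-only matching are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog style (not taken from the post).
SAMPLE_LOG = """\
Apr  1 03:12:03 host sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Apr  1 03:12:09 host sshd[4125]: Failed password for root from 203.0.113.5 port 40130 ssh2
Apr  1 03:12:14 host sshd[4127]: Failed password for invalid user a from 192.0.2.10 from 203.0.113.5 port 40138 ssh2
Apr  1 03:15:44 host sshd[4190]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Apr  1 03:16:02 host sshd[4190]: Accepted password for alice from 198.51.100.7 port 51514 ssh2
Apr  1 03:20:15 host cron[4300]: Failed password for bob from 192.0.2.99 port 1 ssh2
Apr  1 03:21:00 host sshd[4310]: Failed password for root from 192.0.2.200 port 2200 ssh2
Apr  1 03:21:05 host sshd[4310]: Failed password for root from 192.0.2.200 port 2201 ssh2
Apr  1 03:21:09 host sshd[4310]: Failed password for root from 192.0.2.200 port 2202 ssh2
"""

# The user name is chosen by the remote side, so the address is read from the
# fixed tail of the line ("from IP port N ssh2" at end of line), not from the
# first "from" that appears. Only lines logged by sshd itself are considered.
FAILED = re.compile(
    r"\bsshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def count_failures(log_text):
    """Return a Counter of failed-password events per source IPv4 address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def deny_entries(log_text, threshold=3, allow=()):
    """Build hosts.deny lines for addresses at or above the threshold.

    Addresses in `allow` (for example your own admin hosts) are never listed.
    """
    hits = count_failures(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(hits.items())
            if n >= threshold and ip not in allow]

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG, allow={"192.0.2.200"})))
```

The output lines use the TCP wrappers "daemon: client" form that /etc/hosts.deny expects; review them before appending, since a wrong entry locks out a legitimate host.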