| 1 |
If you have iptables available in your kernel, a quick manual step could be |
| 2 |
to block all traffic incoming from that IP address. A statement like the |
| 3 |
following could work: |
| 4 |
|
| 5 |
iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP |
| 6 |
|
| 7 |
(This drops all traffic coming from IP address XXX... effectively, it simply |
| 8 |
looses the network packets and doesn't respond to it any more.) |
| 9 |
|
| 10 |
Of course this is a one time only, manual thing. There may also be |
| 11 |
processes/applications that automatically block unwanted IP traffic. Maybe |
| 12 |
somebody else may suggest such a solution (I'm not that familiar with this). |
| 13 |
|
| 14 |
Cheers, |
| 15 |
Joost |
| 16 |
|
| 17 |
> -----Original Message----- |
| 18 |
> From: Mick [mailto:michaelkintzios@×××××.com] |
| 19 |
> Sent: zondag 7 oktober 2007 11:40 |
| 20 |
> To: gentoo-user@l.g.o |
| 21 |
> Subject: [gentoo-user] Break In attempts |
| 22 |
> |
| 23 |
> |
| 24 |
> Hi All, |
| 25 |
> |
| 26 |
> Can you please advise what I could do to block IP addresses that have |
| 27 |
> repeatedly failed to log in? I am looking here at a server |
| 28 |
> which over the |
| 29 |
> last week is being attacked daily with random usernames. So the only |
| 30 |
> constant in these repeated attempts is not the username, but |
| 31 |
> the IP address. |
| 32 |
> Occasionally, the odd service name (e.g. rpc, mysql, |
| 33 |
> postgres, etc.) repeats |
| 34 |
> itself, otherwise they seem to be randomly selected from a dictionary. |
| 35 |
> |
| 36 |
> I have already disabled PAM authentication on sshd so that |
| 37 |
> only users with a |
| 38 |
> public key in their ~/.ssh can login. |
| 39 |
> -- |
| 40 |
> Regards, |
| 41 |
> Mick |
| 42 |
> |
| 43 |
|
| 44 |
-- |
| 45 |
gentoo-user@g.o mailing list |
Archives