If you have iptables available in your kernel, a quick manual step could be
to block all traffic incoming from that IP address. A statement like the
following could work:

iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

(This drops all traffic coming from IP address XXX... effectively, it simply
loses the network packets and doesn't respond to it any more.)

Of course this is a one time only, manual thing. There may also be
processes/applications that automatically block unwanted IP traffic. Maybe
somebody else may suggest such a solution (I'm not that familiar with this).

Cheers,
Joost

> -----Original Message-----
> From: Mick [mailto:michaelkintzios@×××××.com]
> Sent: Sunday 7 October 2007 11:40
> To: gentoo-user@l.g.o
> Subject: [gentoo-user] Break In attempts
>
>
> Hi All,
>
> Can you please advise what I could do to block IP addresses that have
> repeatedly failed to log in? I am looking here at a server which over the
> last week is being attacked daily with random usernames. So the only
> constant in these repeated attempts is not the username, but the IP address.
> Occasionally, the odd service name (e.g. rpc, mysql, postgres, etc.) repeats
> itself, otherwise they seem to be randomly selected from a dictionary.
>
> I have already disabled PAM authentication on sshd so that only users with a
> public key in their ~/.ssh can log in.
> --
> Regards,
> Mick
>

--
gentoo-user@g.o mailing list
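
Added example, not part of either message above: a script that counts failed sshd logins per source address and prints the iptables rule from Joost's reply for each address at or over a threshold, without running it. The sshd log line format, the sample lines, and the names sample_log and block_candidates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of sshd log lines (format assumed; check your own auth log).
sample_log() {
cat <<'EOF'
Oct  7 03:12:01 host sshd[4101]: Invalid user rpc from 203.0.113.7
Oct  7 03:12:04 host sshd[4105]: Invalid user mysql from 203.0.113.7
Oct  7 03:12:09 host sshd[4110]: Invalid user postgres from 203.0.113.7
Oct  7 03:15:30 host sshd[4200]: Invalid user bob from 198.51.100.20
Oct  7 03:16:02 host sshd[4207]: Invalid user x from 192.0.2.1 from 203.0.113.9
Oct  7 03:20:11 host sshd[4300]: Invalid user test from 192.0.2.50
Oct  7 03:20:12 host sshd[4301]: Invalid user test from 192.0.2.50
Oct  7 03:20:13 host sshd[4302]: Invalid user test from 192.0.2.50
EOF
}

# block_candidates THRESHOLD ALLOWLIST   (hypothetical helper name)
# Reads sshd log lines on stdin and prints one "iptables -I INPUT -s IP -j DROP"
# line per source with at least THRESHOLD failed attempts. ALLOWLIST is a
# space-separated list of addresses that must never be blocked (your own hosts).
block_candidates() {
    awk -v min="$1" -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /sshd\[[0-9]+\]: (Invalid user|Failed password for) / {
        # The username is chosen by the remote side and may itself contain
        # " from 1.2.3.4", so take the address after the LAST " from ".
        ip = $0
        while ((p = index(ip, " from ")) > 0) ip = substr(ip, p + 6)
        sub(/ .*/, "", ip)                  # drop a trailing "port N ssh2"
        # Accept only something shaped like a dotted quad; skip everything else.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (ip in skip) next
        hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min)
              print "iptables -I INPUT -s " ip " -j DROP" }
    ' | sort
}

# Print the candidate rules for the sample; review them before applying any.
sample_log | block_candidates 3 "192.0.2.50"
```

The fifth sample line shows why the address is taken from the end of the line: a username containing " from 192.0.2.1" would otherwise get an uninvolved address counted.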