Nick Demou wrote: > Any other idea of simple measures that will keep as many attackers > away from the one and only service that is listening to the Internet?
Different approach, but the same goal: aptitude install fail2ban > bans IPs that cause multiple authentication > errors Monitors log files (e.g. /var/log/auth.log, > /var/log/apache/access.log) and temporarily or persistently bans > failure-prone addresses by updating existing firewall rules. The > software was completely rewritten ▒ at version 0.7.0 and now allows > easy specification of different actions to be taken such as to ban an > IP▒ using iptables or hostsdeny rules, or simply to send a > notification email. Currently, by default, ▒ supports > ssh/apache/vsftpd but configuration can be easily extended for > monitoring any other ASCII file.▒ All filters and actions are given > in the config files, thus fail2ban can be adopted to be used with a > ▒ variety of files and firewalls. > ▒ ▒ Homepage: http://www.sourceforge.net/projects/fail2ban Maybe not as perfect as your approach, but very simple: just install and forget. Johannes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
