It may make sense for small, limited-user machines, but what about servers that are intentionally advertising ssh for its users globally, so can't use port knocking, can't block all of Korea (as some users definitely connect from there) and so on...

Seems to me blocking large chunks of the net because they're a pain is a short term solution that's going to cause long term pain for the internet at large if it's allowed to become standard practice...

Shouldn't this list focus on the general, base-level security rather than specific work-arounds for these types of issues that don't apply to a lot of boxen?

2c out.
Ben

Dave Strydom wrote:
I think there is an easier way of doing this...

Why not use the GEOIP IPTABLES patch and then just use this in your firewall:

-----------------------------------------------------------------------------------------
$IPTABLES -A INPUT -p tcp -m geoip --src-cc CN -j DROP
$IPTABLES -A INPUT -p tcp -m geoip --src-cc KR -j DROP
$IPTABLES -A INPUT -p tcp -m geoip --src-cc TW -j DROP
$IPTABLES -A INPUT -p tcp -m geoip --src-cc HK -j DROP
-----------------------------------------------------------------------------------------

This way you have 4 simple rules which do the work of that entire script.


On 10/10/05, *Taka John Brunkhorst* wrote:

    nice but why do we need to block them?
    ssh worms? or just lamers?

    -- Taka John Brunkhorst
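The per-host alternative to blocking whole countries that the thread argues over, as an added example that is not part of any message above: detect sources that hammer sshd with failed logins and emit drop rules scoped to the ssh port only, so the rule never touches other services or users from the same region. The log lines are constructed in the classic syslog/auth.log shape, the threshold, window and assumed year are my own choices, and the rule strings are only printed, not applied.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (not taken from the thread). Three sources:
# 203.0.113.7 fails five times in seven seconds, 198.51.100.20 is a user who
# mistypes once then logs in with a key, 192.0.2.9 fails five times over two hours.
SAMPLE_AUTH_LOG = """\
Oct 10 03:14:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 41022 ssh2
Oct 10 03:14:03 host sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 41030 ssh2
Oct 10 03:14:05 host sshd[2205]: Failed password for root from 203.0.113.7 port 41041 ssh2
Oct 10 03:14:06 host sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 41055 ssh2
Oct 10 03:14:08 host sshd[2209]: Failed password for invalid user guest from 203.0.113.7 port 41060 ssh2
Oct 10 03:15:10 host sshd[2211]: Failed password for ben from 198.51.100.20 port 50001 ssh2
Oct 10 03:15:20 host sshd[2212]: Accepted publickey for ben from 198.51.100.20 port 50002 ssh2
Oct 10 09:00:00 host sshd[2300]: Failed password for root from 192.0.2.9 port 3333 ssh2
Oct 10 09:30:00 host sshd[2301]: Failed password for root from 192.0.2.9 port 3334 ssh2
Oct 10 10:00:00 host sshd[2302]: Failed password for root from 192.0.2.9 port 3335 ssh2
Oct 10 10:30:00 host sshd[2303]: Failed password for root from 192.0.2.9 port 3336 ssh2
Oct 10 11:00:00 host sshd[2304]: Failed password for root from 192.0.2.9 port 3337 ssh2
"""

# syslog timestamps carry no year; assume one so datetimes can be compared.
ASSUMED_YEAR = 2005

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def find_brute_force_sources(log_text, threshold=5, window_seconds=600):
    """Return {ip: time_of_trigger} for every source with at least `threshold`
    failed password attempts inside any sliding window of `window_seconds`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
        failures[m.group("ip")].append(ts)

    offenders = {}
    for ip, times in failures.items():
        times.sort()
        window = deque()
        for t in times:
            window.append(t)
            # drop attempts that fell out of the window before counting
            while (t - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= threshold:
                offenders[ip] = t
                break
    return offenders


def iptables_rules(offenders, ssh_port=22):
    """Render one DROP rule per offending source, limited to the ssh port so
    the block cannot affect other services on the host."""
    return [
        f"iptables -A INPUT -p tcp --dport {ssh_port} -s {ip} -j DROP"
        for ip in sorted(offenders)
    ]


if __name__ == "__main__":
    hits = find_brute_force_sources(SAMPLE_AUTH_LOG)
    for ip, when in hits.items():
        print(f"{ip} exceeded threshold at {when:%H:%M:%S}")
    for rule in iptables_rules(hits):
        print(rule)
```

With the 10-minute window only the rapid-fire source is flagged; widening the window to two hours also catches the slow source, which is the trade-off between catching low-and-slow scanners and locking out a legitimate user who fumbles a password a few times.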

--
[email protected] mailing list
