If you have iptables available in your kernel, a quick manual step could be
to block all traffic incoming from that IP address. A statement like the
following could work:

iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

(This drops all traffic coming from IP address XXX... effectively, it simply
loses the network packets and doesn't respond to it any more.)

Of course this is a one time only, manual thing. There may also be
processes/applications that automatically block unwanted IP traffic. Maybe
somebody else may suggest such a solution (I'm not that familiar with this).

Cheers,
Joost

> -----Original Message-----
> From: Mick [mailto:[EMAIL PROTECTED] 
> Sent: Sunday 7 October 2007 11:40
> To: gentoo-user@lists.gentoo.org
> Subject: [gentoo-user] Break In attempts
> 
> 
> Hi All,
> 
> Can you please advise what I could do to block IP addresses that have
> repeatedly failed to log in?  I am looking here at a server which over the
> last week is being attacked daily with random usernames.  So the only
> constant in these repeated attempts is not the username, but the IP address.
> Occasionally, the odd service name (e.g. rpc, mysql, postgres, etc.) repeats
> itself, otherwise they seem to be randomly selected from a dictionary.
>
> I have already disabled PAM authentication on sshd so that only users with a
> public key in their ~/.ssh can log in.
> -- 
> Regards,
> Mick
> 

--
[EMAIL PROTECTED] mailing list
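
Added example, not part of the original thread: a sketch of the kind of
automation mentioned in the reply above, counting failed sshd logins per source
address in syslog-style lines and printing the matching iptables command for
each address at or over a threshold. The function names, the threshold and the
sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn repeated failed sshd logins into iptables DROP rules.
# Rules are printed for review, not executed.

# Usage: block_rules THRESHOLD < auth.log   (hypothetical helper name)
block_rules() {
    awk -v min="$1" '
    # Only lines written by sshd that record a failed or invalid login.
    / sshd\[[0-9]+\]: / && /Invalid user|Failed password/ {
        # The username is chosen by the remote side and may itself contain
        # " from <address>", so use the address after the LAST "from".
        ip = ""
        for (i = 1; i < NF; i++)
            if ($i == "from") ip = $(i + 1)
        # Accept only a dotted-quad IPv4 address before it can reach a
        # command line; anything else is ignored.
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min)
                print "iptables -I INPUT -s " ip " -j DROP"
    }' | sort
}

# Constructed sample log lines (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
Oct  7 03:12:01 host sshd[4021]: Invalid user rpc from 203.0.113.5
Oct  7 03:12:04 host sshd[4023]: Invalid user mysql from 203.0.113.5
Oct  7 03:12:09 host sshd[4025]: Invalid user postgres from 203.0.113.5
Oct  7 03:15:40 host sshd[4031]: Invalid user x from 192.0.2.10 from 198.51.100.77
Oct  7 08:02:11 host sshd[4102]: Accepted publickey for mick from 192.0.2.10 port 50022 ssh2
EOF
}

# Three failures from 203.0.113.5 meet the threshold; the forged
# "from 192.0.2.10" inside a username does not get 192.0.2.10 counted.
sample_log | block_rules 3
```

Review the printed rules against the addresses you administer the server from
before applying any of them, since a DROP rule for your own address locks you out.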
