On Saturday 14 November 2009 23:49:23 Richard Marza wrote:
> I recently check my log files and discovered that there was a dictionary
> attack attempt on my daemons. sshd and vsftpd were the primary targets. Is
> there a script or tool to block the offending IP addresses using iptables.
> Something that checks to see if a minimum of attempts has occured and
>  blocks them indefinitely based on that?


There are HUNDREDS of such solutions out there. Did you even try to Google 
first?

fail2ban & denyhosts are quite popular and get the job done.

OSSEC is a full blown IDS that I use at work, it functions very well but is 
probably overkill for your needs.

Last hint: You do NOT want to block hosts permanently. Your logs will empty 
sure enough, but sooner or later you will lock yourself out, or you will lock 
out people you really do want to access your services.

-- 
alan dot mckinnon at gmail dot com

Reply via email to