On Sat, Jun 21, 2008 at 12:50 PM, sriram <[EMAIL PROTECTED]> wrote:
> You may not even need sshblack to do this type of blocking. Modern versions of
> iptables have built-in capability to do this. For example, do
>
> iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent \
>     --update --seconds 60 --hitcount 2 -j DROP
I use a similar setup on all my servers as well. A word of caution: it is essential to apply the filtering only on the external network interface or subnets, for it is easy to establish more than N connections per minute over the LAN through regular usage: various shell scripts, maintenance tasks, etc. For those interested in implementing Prof. Sriram's iptables rule sets on your own machines, please see here: http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

- Raja
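The following script is an added example, not code from either poster or from the linked article. It takes the `-m recent` rule pair from the thread and builds it the way Raja's caution suggests: the rate limiter is reached only by new SSH connections arriving on the external interface, and a trusted subnet is exempted before any counting happens. The interface name `eth0`, the subnet `192.168.1.0/24`, the dedicated chain name `SSH_LIMIT`, the recent-list name `sshlimit` and the function name `ssh_ratelimit_rules` are all assumptions chosen for the example; the script prints the rules rather than applying them, so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread): generate iptables rules that rate-limit
# NEW SSH connections with the "recent" match, but only on the external
# interface, with a trusted subnet exempted. Values below are placeholders.

WAN_IF="${WAN_IF:-eth0}"              # assumed external interface
TRUSTED="${TRUSTED:-192.168.1.0/24}"  # assumed trusted subnet, never limited
WINDOW="${WINDOW:-60}"                # seconds in the sliding window
HITS="${HITS:-4}"                     # hitcount; see note on allowed attempts

# Print the rule set for a given interface, trusted subnet, window and hitcount.
# Nothing is applied here: pipe the output to sh as root once reviewed.
ssh_ratelimit_rules() {
    wan="$1"
    trusted="$2"
    window="$3"
    hits="$4"
    cat <<EOF
# Dedicated chain so the limiter is easy to inspect and flush on its own
iptables -N SSH_LIMIT
# Trusted hosts leave the chain before their connections are counted
iptables -A SSH_LIMIT -s $trusted -j RETURN
# Record the source address of every new SSH connection that reaches here
iptables -A SSH_LIMIT -m recent --name sshlimit --set
# Drop once the source has $hits or more entries within the last $window seconds
iptables -A SSH_LIMIT -m recent --name sshlimit --update --seconds $window --hitcount $hits -j DROP
# Only NEW SSH connections arriving on $wan are sent to the limiter;
# LAN interfaces never hit it, which is the caution raised in the thread
iptables -A INPUT -i $wan -p tcp --dport 22 -m state --state NEW -j SSH_LIMIT
EOF
}

# Stand-alone run: print the rules for the configured (placeholder) values
ssh_ratelimit_rules "$WAN_IF" "$TRUSTED" "$WINDOW" "$HITS"
```

Two points on the design. First, because the `--set` rule runs before the `--update` check in the same chain, the n-th new connection in the window is already the n-th entry when the check runs, so a hitcount of `HITS` permits `HITS - 1` connections per window (the thread's version inserts the DROP rule above the `--set` rule with `-I`, which shifts the count by one). Second, the `-i $wan` restriction on the INPUT rule is what keeps cron jobs, backup scripts and other LAN-side sessions from ever being counted; the `-s $trusted -j RETURN` line additionally covers a management range that legitimately reaches the host over the external interface. After applying, `iptables -S SSH_LIMIT` shows the chain and `cat /proc/net/xt_recent/sshlimit` lists the addresses currently being tracked.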
