Gerard Beekmans wrote:
> Hey guys,
Hi
> Does anybody have other ideas? I'd like to keep ssh open for convenience
> reasons.
Well my way of solving this was to change the default port for the ssh
service to some high port, anyway !=22 which is the default in most of
the scans/attacks.
Additionally some iptables config according to a topic that was on the
[EMAIL PROTECTED] around September on "SSH Brute Force"
(look in the archives) so when a connection to that high port is reset
more than 3 times, the IP gets blocked for some time using the
ipt_recent module.
Another thing is that from my logs I made a list of the most commonly
scanned ports and added them to a black list, so that when a connection
attempt is made to one of them, the IP is banned for an hour.
--
Best wishes
Łukasz Hejnak
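
The setup described in this message, sketched as an added example (not the poster's own rules, nor the ones from the list thread he refers to). It counts new connections rather than resets, and the port 22022, the 60-second window and the trap-port list are constructed values.

```shell
#!/bin/sh
# Constructed values (assumptions, not taken from the message above):
SSH_PORT="${SSH_PORT:-22022}"                     # sshd moved off port 22
TRAP_PORTS="${TRAP_PORTS:-23,135,445,1433,3389}"  # ports with no legitimate listener here
# Dry run by default: the rules are only printed. Run with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

ssh_guard_rules() {
    # 1. A source that touched a trap port less than an hour ago is dropped outright.
    #    --rcheck does not refresh the timestamp, so the ban ends one hour after listing.
    $IPT -A INPUT -m recent --name trap --rcheck --seconds 3600 -j DROP

    # 2. A new connection to any trap port puts the source on the "trap" list.
    $IPT -A INPUT -p tcp -m multiport --dports "$TRAP_PORTS" \
         -m conntrack --ctstate NEW -m recent --name trap --set -j DROP

    # 3. Record every new connection to the SSH port on the "ssh" list
    #    (no target, so the packet continues to the next rule).
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" \
         -m conntrack --ctstate NEW -m recent --name ssh --set

    # 4. Fourth new connection within 60 s: drop. --update refreshes the entry,
    #    so the block lasts until the source has been quiet for 60 s.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" \
         -m conntrack --ctstate NEW -m recent --name ssh \
         --update --seconds 60 --hitcount 4 -j DROP

    # 5. Everything else to the SSH port is accepted.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
}

ssh_guard_rules
```

The source address of a single SYN can be forged, so an ACCEPT rule for known admin addresses placed ahead of rule 1 keeps the trap list from locking you out.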