Fernando Lopez-Lezcano wrote:
> Another option is a service called denyhosts, it adds entries
> to /etc/hosts.deny for each host from which a defined number of failed
> logins happen. So the attacking hosts are dropped out as they try
> passwords and hopefully fail...
While effective, this can result in a DoS against your machine. However, I do something similar with the firewall. I found a good firewall script here:

http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup

And I added this rule:

#
# This is to limit all those ssh bots
#
# Rule 1: drop a NEW connection to port 22 if this source address already has
#         4 or more hits recorded in the last 60 seconds (and refresh its entry)
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
# Rule 2: otherwise record this hit for the source address
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource

Which temporarily ignores traffic from a host if they hit my SSH port 4 times in 60 seconds. However, in the past few months, the scripts that are attacking the ssh ports have taken on a distributed attack vector that is able to circumvent this firewall rule.

HTH,
Gabriel

_______________________________________________
Linux-audio-dev mailing list
[email protected]
http://lists.linuxaudio.org/mailman/listinfo/linux-audio-dev
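An added example (my own model, not code from the thread or from iptables) of how the two rules above count hits per source address: a single host is dropped once it has hitcount NEW connections inside the window, while many hosts that each stay under the threshold all get through, which is the distributed pattern the post describes. It assumes xt_recent's default of 20 stamps per address and ignores the entry's ttl; the traffic and addresses are constructed.

```python
from collections import defaultdict, deque

# Model of the rule pair from the post, fed only NEW connections (TCP SYNs):
#   -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
#   -m recent --set --name DEFAULT --rsource
PKT_LIST_TOT = 20  # xt_recent keeps at most this many stamps per address (module default)


class RecentList:
    """Per-source list of packet timestamps, like /proc/net/xt_recent/DEFAULT."""

    def __init__(self, seconds=60, hitcount=4):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def update_matches(self, src, now):
        """--update --seconds S --hitcount N: match only if the source is already
        listed with at least N stamps inside the last S seconds; a match also
        records the current packet, so a host that keeps trying stays blocked."""
        if src not in self.stamps:
            return False
        recent = [t for t in self.stamps[src] if now - t <= self.seconds]
        if len(recent) >= self.hitcount:
            self.stamps[src].append(now)
            return True
        return False

    def set(self, src, now):
        """--set: unconditionally record the packet for this source."""
        self.stamps[src].append(now)


def filter_syns(events, seconds=60, hitcount=4):
    """Run (time_in_seconds, source_ip) NEW connections through the rule pair.
    Returns one verdict per event: 'DROP', or 'PASS' (continue down the chain)."""
    table = RecentList(seconds, hitcount)
    verdicts = []
    for now, src in events:
        if table.update_matches(src, now):
            verdicts.append("DROP")
        else:
            table.set(src, now)
            verdicts.append("PASS")
    return verdicts


# Constructed traffic: one host retrying every 5 s, versus eight hosts making
# three attempts each (each stays under the hitcount, so none is ever dropped).
SINGLE_SOURCE = [(5 * i, "203.0.113.7") for i in range(8)]
DISTRIBUTED = [(3 * i + j, f"198.51.100.{i}") for i in range(8) for j in range(3)]
```

With these inputs the single host passes four times and is dropped on every later attempt, while all 24 distributed attempts pass; a host that goes quiet for more than 60 s after its stamps is admitted again.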
