On 16/07/07, Richard Creighton <[EMAIL PROTECTED]> wrote:
> My question is what, if any, firewall rule could I write that could
> detect such attacks and automatically shut down forwarding packets from
> the offending node or domain? That would give me an additional layer
> of defense as well as freeing up a significant amount of log file space.

Set the following line

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=120,recentname=ssh"

in /etc/sysconfig/SuSEfirewall2. This will limit to a maximum of 3
attempts per 120s.

Even more effective can be running sshd on an unusual port, or
installing something like "fail2ban".

Benjamin Weber
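
Added example (not part of the original message, and not SuSEfirewall2's own code): a simplified Python model of the limit described above, showing how many new connections per source get through with hitcount=3 and blockseconds=120. The function names, the sliding-window semantics and the sample addresses and timestamps are assumptions made for illustration.

```python
from collections import defaultdict, deque

# The entry quoted in the message above.
RULE = "0/0,tcp,22,,hitcount=3,blockseconds=120,recentname=ssh"

def parse_entry(entry):
    """Split a 'net,proto,dport,sport,flags...' entry into its fields."""
    net, proto, dport, sport, *flags = entry.split(",")
    opts = dict(flag.split("=", 1) for flag in flags)
    return {"net": net, "proto": proto, "dport": int(dport), "sport": sport,
            "hitcount": int(opts["hitcount"]),
            "blockseconds": int(opts["blockseconds"]),
            "recentname": opts["recentname"]}

def filter_attempts(attempts, hitcount, blockseconds):
    """Return (timestamp, source, verdict) for each new connection attempt.

    Assumed model: an attempt is accepted only if fewer than `hitcount`
    attempts from the same source were accepted in the last `blockseconds`.
    """
    recent = defaultdict(deque)          # source -> accepted timestamps
    verdicts = []
    for ts, src in sorted(attempts):
        seen = recent[src]
        while seen and ts - seen[0] >= blockseconds:
            seen.popleft()               # forget entries outside the window
        if len(seen) < hitcount:
            seen.append(ts)
            verdicts.append((ts, src, "ACCEPT"))
        else:
            verdicts.append((ts, src, "DROP"))
    return verdicts

def summarize(verdicts):
    """Count (accepted, dropped) attempts per source address."""
    counts = defaultdict(lambda: [0, 0])
    for _, src, verdict in verdicts:
        counts[src][0 if verdict == "ACCEPT" else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}

# Constructed sample: one source retrying every 7 s for five minutes,
# and one source that connects twice (documentation-range addresses).
ATTEMPTS = [(t, "203.0.113.9") for t in range(0, 300, 7)]
ATTEMPTS += [(5, "198.51.100.7"), (200, "198.51.100.7")]

if __name__ == "__main__":
    cfg = parse_entry(RULE)
    result = filter_attempts(ATTEMPTS, cfg["hitcount"], cfg["blockseconds"])
    for src, (ok, dropped) in summarize(result).items():
        print(f"{src}: {ok} accepted, {dropped} dropped")
```

In this model the retrying source still gets three attempts in every 120 s window, while the occasional user is never dropped.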