Benji Weber wrote: > On 16/07/07, Richard Creighton <[EMAIL PROTECTED]> wrote: >> My question is what, if any firewall rule could I write that could >> detect such attacks and automatically shut down forwarding packets from >> the offending node or domain? That would give me an additional layer >> of defense as well as freeing up a significant amount of log file space. > > set the following line > > FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=120,recentname=ssh" > > > in /etc/sysconfig/SuSEfirewall2 This will limit to a maximum of 3 > attempts per 120s. > > Even more effective can be running sshd on an unusual port, or > installing something like "fail2ban" >
Using keys instead of passwords is better. Also, if ssh is not used off site, simply block it at the firewall. -- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
