On 4/12/06, Gary Thornock <[EMAIL PROTECTED]> wrote:
> So far, I've just added the offending hosts to a table in
> /etc/pf.conf and denied them access to all ports, something like:
>
> #####
> table <badssh> { \
> 24.222.2.26, 24.232.121.93, 24.48.67.72, 61.206.117.59, \
> 61.63.10.210, 61.71.120.170, 62.112.223.131, 64.251.27.173, \
> 64.58.235.163, 64.71.150.51, 66.120.42.38, 66.146.155.143, \
> # several rows trimmed for brevity
> 221.232.160.115, 221.6.69.10 \
> }
>
> # snip a few other pf rules
>
> block in quick on $ext_if from <badssh>
> #####
>
> This has been very effective. I rarely need to add an additional
> host to the deny table. Something similar would doubtless work in
> iptables, too, if that's your preference.
>
> Denyhosts looks like an interesting alternative, though. I think
> I'll try it out :)
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
If you want a very nice dynamic port blocker, try Port Scan Attack
Detector (PSAD) http://www.cipherdyne.com/psad/
Though, you could spend your whole life fighting this losing battle.
My opinion is to set your security in place, and forget about it.
--
Chris Carey
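As an added example (not code from this thread, from Gary's pf.conf, or from psad or DenyHosts), the script below does the manual step in the quoted post automatically: it counts failed sshd password attempts per source address in an OpenSSH auth log, keeps the hosts that cross a threshold, and renders them either as a static `table <badssh>` block for /etc/pf.conf or as `pfctl -t <table> -T add` commands for a `persist` table that can be updated without reloading the ruleset. The log lines, the threshold, the table name and the allowlist are constructed for the example; the pf and pfctl syntax is the standard one.

```python
import re
from collections import Counter

# Constructed sample of OpenSSH auth.log lines (not taken from the thread).
# 203.0.113.45 and 192.0.2.200 are brute-forcing; 198.51.100.7 is a real user
# who mistyped a password once and then logged in with a key.
SAMPLE_LOG = """\
Apr 12 03:14:07 gw sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Apr 12 03:14:09 gw sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Apr 12 03:14:12 gw sshd[2313]: Failed password for root from 203.0.113.45 port 51240 ssh2
Apr 12 03:14:15 gw sshd[2315]: Failed password for invalid user test from 203.0.113.45 port 51250 ssh2
Apr 12 03:14:18 gw sshd[2317]: Failed password for invalid user oracle from 203.0.113.45 port 51260 ssh2
Apr 12 03:20:01 gw sshd[2350]: Failed password for gary from 198.51.100.7 port 40001 ssh2
Apr 12 03:20:05 gw sshd[2350]: Accepted publickey for gary from 198.51.100.7 port 40001 ssh2
Apr 12 03:25:44 gw sshd[2401]: Invalid user pi from 192.0.2.200
Apr 12 03:25:46 gw sshd[2401]: Failed password for invalid user pi from 192.0.2.200 port 3333 ssh2
Apr 12 03:25:49 gw sshd[2403]: Failed password for invalid user pi from 192.0.2.200 port 3334 ssh2
Apr 12 03:25:52 gw sshd[2405]: Failed password for invalid user ubnt from 192.0.2.200 port 3335 ssh2
"""

# Matches only the "Failed password" event; "Invalid user" and "Accepted"
# lines are deliberately ignored so one typo by a legitimate user does not count.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text):
    """Return a Counter mapping source IPv4 address -> failed password attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def offending_hosts(log_text, threshold=3, allowlist=frozenset()):
    """Addresses with at least `threshold` failures, minus the allowlist, sorted.

    The allowlist is the check a practitioner wants before auto-blocking:
    keep management hosts out of the table even if someone fat-fingers a password.
    """
    counts = count_failures(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)


def pf_table(name, hosts):
    """Render a static pf.conf table in the style of the quoted post."""
    if not hosts:
        return "table <%s> { }" % name
    return "table <%s> { %s }" % (name, ", ".join(hosts))


def pfctl_commands(name, hosts):
    """Render pfctl commands that add hosts to an existing `persist` table.

    The ruleset must declare `table <name> persist` and a rule such as
    `block in quick on $ext_if from <name>` for these to take effect.
    """
    return ["pfctl -t %s -T add %s" % (name, ip) for ip in hosts]


if __name__ == "__main__":
    bad = offending_hosts(SAMPLE_LOG, threshold=3, allowlist={"198.51.100.7"})
    print(pf_table("badssh", bad))
    print("\n".join(pfctl_commands("badssh", bad)))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; the static `pf_table` output is what you would paste into /etc/pf.conf before `pfctl -f /etc/pf.conf`, while the `pfctl -T add` form is the cron-friendly variant that PSAD or DenyHosts-style tools effectively automate.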