On Apr 12, 2006, at 7:22 AM, Chris Carey wrote:
If you want a very nice dynamic port blocker, try Port Scan Attack Detector (PSAD) http://www.cipherdyne.com/psad/ Though, you could spend your whole life fighting this losing battle. My opinion is to set your security in place, and forget about it.
I agree with that completely. But I like simplicity. I just use rate-limiting, I get maybe 2 or 3 attempts at SSH on port 22 a day. With this method they give up very quickly.
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
Anything that hits port 22 more than 4 times within 60 seconds gets blocked. This is obviously vulnerable to throttling the attacks, but it's always automated, and they're usually only interested in the low-hanging fruit.
-Blake /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
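The two-rule recipe above, modelled in Python as an added example (not code from Blake's post): a small stand-in for the xt_recent table that reproduces, under my reading of the kernel module, how --set, --update, --seconds and --hitcount decide which NEW connections get dropped, including the throttled-attacker case the post mentions. The addresses and timestamps are constructed.

```python
from collections import deque

# Model of the two iptables rules quoted above. Assumption (my reading of
# xt_recent): the DROP rule (--update) counts the stamps already recorded for
# the source within the last SECONDS seconds; if that count is >= HITCOUNT the
# packet is dropped and, because of --update, a new stamp is recorded for it.
# Otherwise the --set rule records a stamp and the packet is accepted.
# Only NEW connections (TCP SYNs) reach these rules.

SECONDS = 60     # --seconds 60
HITCOUNT = 4     # --hitcount 4
MAX_STAMPS = 20  # xt_recent ip_pkt_list_tot default: stamps kept per address


class RecentTable:
    """In-memory stand-in for the kernel's recent-match list."""

    def __init__(self, seconds=SECONDS, hitcount=HITCOUNT, max_stamps=MAX_STAMPS):
        self.seconds = seconds
        self.hitcount = hitcount
        self.max_stamps = max_stamps
        self.stamps = {}  # source ip -> deque of packet timestamps (seconds)

    def new_connection(self, src, now):
        """Return 'DROP' or 'ACCEPT' for a NEW SYN from src at time now."""
        q = self.stamps.setdefault(src, deque(maxlen=self.max_stamps))
        # --update --seconds N --hitcount M: count stamps inside the window
        hits = sum(1 for t in q if now - t <= self.seconds)
        q.append(now)  # the --update match and the --set rule both record a stamp
        return "DROP" if hits >= self.hitcount else "ACCEPT"


def simulate(events, **kw):
    """events: list of (time, src) for NEW SYNs; returns one verdict per packet."""
    table = RecentTable(**kw)
    return [table.new_connection(src, t) for t, src in events]


if __name__ == "__main__":
    # Constructed sample: a brute-forcer hammering port 22, an admin logging in.
    burst = [(t, "10.0.0.5") for t in range(5)]          # 5 SYNs in 5 s
    admin = [(5, "192.168.1.2"), (10, "192.168.1.2")]
    retry = [(50, "10.0.0.5"), (100, "10.0.0.5")]        # 50 s: still blocked, stamp refreshed
    for (t, src), verdict in zip(burst + admin + retry,
                                 simulate(burst + admin + retry)):
        print(f"t={t:3d} {src:12s} {verdict}")
    # Throttled attacker (the caveat in the post): one SYN every 20 s never
    # accumulates 4 stamps inside a 60 s window, so nothing is dropped.
    print(simulate([(t, "10.0.0.9") for t in range(0, 200, 20)]))
```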
