On 4/12/06, Blake B. <[EMAIL PROTECTED]> wrote:
>
> I agree with that completely. But I like simplicity. I just use
> rate-limiting; I get maybe 2 or 3 attempts at SSH on port 22 a day.
> With this method they give up very quickly.
>
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
>
> Anything that hits port 22 more than 4 times within 60 seconds gets
> blocked. This is obviously vulnerable to throttling the attacks, but
> it's always automated, and they're usually only interested in the
> low-hanging fruit.
>
> -Blake
This is cool. Is the rate-limiting on port 22 only blocking the IP of the offending connection? *or* does it block port 22 for *everyone* if there are too many incoming connections?

Chris

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
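Chris's question, and Blake's throttling caveat, can both be checked against a small model of what the `recent` match does: it keeps a separate list of arrival timestamps per source address, so only the source that exceeds the hit count is dropped and other clients are unaffected. The following is an added example, not code from the thread or from iptables; it is a simplified Python model of the two rules (the `--update`/DROP rule sits first because it was inserted last), with constructed traffic.

```python
"""Simplified model of Blake's two `-m recent` rules (--seconds 60 --hitcount 4).

Constructed example. The real xt_recent match keeps a bounded per-source
timestamp list; this model keeps an unbounded one but applies the same
window and hit-count test, keyed by source IP (the default --rsource).
"""
from collections import defaultdict

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 4          # --hitcount 4


class RecentTable:
    """One timestamp list per source address, like the `recent` match's list."""

    def __init__(self, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)

    def new_connection(self, src_ip, now):
        """Verdict ('ACCEPT' or 'DROP') for a NEW connection to port 22 from src_ip at time now."""
        # Only stamps still inside the window count; older ones are ignored.
        recent = [t for t in self.stamps[src_ip] if now - t <= self.seconds]
        # Rule 1 (--update --hitcount 4 -j DROP): matches when this source already
        # has at least `hitcount` hits in the window. The current packet is not
        # counted yet; on a match it is recorded and dropped.
        if len(recent) >= self.hitcount:
            recent.append(now)
            self.stamps[src_ip] = recent
            return "DROP"
        # Rule 2 (--set): record this arrival for the source and let the packet go on.
        recent.append(now)
        self.stamps[src_ip] = recent
        return "ACCEPT"


def simulate(events):
    """events: list of (time_seconds, src_ip) in arrival order -> list of verdicts."""
    table = RecentTable()
    return [table.new_connection(ip, t) for t, ip in events]


if __name__ == "__main__":
    # Constructed traffic: one burst source, one quiet source, one throttled source.
    burst = [(t, "198.51.100.7") for t in (0, 1, 2, 3, 4)] + [(4, "203.0.113.9")]
    print(simulate(burst))            # 4 ACCEPT, then DROP, then ACCEPT for the other IP
    throttled = [(t, "198.51.100.8") for t in range(0, 200, 20)]
    print(simulate(throttled))        # one try every 20 s never reaches 4 in 60 s
```

The fifth attempt from the bursting address is dropped while the other address gets through at the same instant, which answers the per-IP question; an attacker pacing attempts more than 15 s apart never trips the rule, which is the throttling weakness Blake mentions.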
