On 2010-06-07 12:06:18 +0300, Valentin Cozma wrote:
> I'm seeing attacks from certain IPs in syslog.
>
> I'd like to automatically block, from the firewall, an IP that is considered
> a suspected attacker.
>
> sshd does say something in the logs, but nobody sits and reads them in real
> time.
>
> How would one approach such a problem?
You can drop/throttle them (ohai, engrish) with ipt_recent, for example.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW \
    -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 4 -j DROP
--
perl -MLWP::Simple -e'print$_[rand(split(q.%%\n.,
get(q{http://cpan.org/misc/japh})))]'
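
Added example, not part of the original message: a simplified Python model of the `recent` match as the iptables man page describes it (`--set` records the packet, `--update` matches and refreshes the entry only when the `--seconds`/`--hitcount` condition holds), showing which new connection is the first one dropped for each rule order. The class and function names, the `PASS`/`DROP` labels and the source address 192.0.2.10 are constructed for illustration.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # timestamps kept per address (xt_recent default ip_pkt_list_tot)

class RecentList:
    """Simplified model of one `-m recent` list keyed by source address."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record this packet's timestamp; the match itself always succeeds
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when at least N recorded
        # packets fall inside the last S seconds; refresh the entry only on a match
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[src].append(now)
            return True
        return False

def verdicts(times, src="192.0.2.10", update_first=True, seconds=60, hitcount=4):
    """PASS/DROP for each NEW connection to port 22 arriving at `times` (seconds)."""
    recent, out = RecentList(), []
    for now in times:
        if update_first:
            # Order left by two `iptables -I` commands: the rule inserted last
            # (--update ... -j DROP) sits above the --set rule.
            drop = recent.update(src, now, seconds, hitcount)
            if not drop:
                recent.set(src, now)  # packet reaches the --set rule only if not dropped
        else:
            # Order left by appending with -A instead: --set first, then --update.
            recent.set(src, now)
            drop = recent.update(src, now, seconds, hitcount)
        out.append("DROP" if drop else "PASS")
    return out

if __name__ == "__main__":
    burst = [0, 10, 20, 30, 40, 50]  # constructed arrival times
    print("-I order:", verdicts(burst))
    print("-A order:", verdicts(burst, update_first=False))
```

Because a dropped packet still refreshes the entry, a client that keeps retrying stays blocked until fewer than four of its recorded attempts fall within the last 60 seconds.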