Duncan Brown skrev: > Hey all > > I am forever being bombarded with the current plague of ssh brute force > dictionary attacks. > > In an effort to stop this, I was planning on using Denyhosts. However > when I tested my sshd config to see if it would work, as detailed here: > > http://denyhosts.sourceforge.net/ssh_config.html > > it connected fine. So i guess I haven't got sshd running with tcp wrappers. > > How do I go about doing this?
I suggest using IPtables. You can either allow only the hosts you want or block those brute force attemps: /sbin/iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set /sbin/iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 4 -j REJECT --reject-with icmp-admin-prohibited This gives them 4 attempts... _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
