I would say this is the most elegant solution,
since it requires no extra software other than iptables, which is probably
already installed.

just my two cents ...
matthias

On 05.08.2006, at 18:21, Vidar Tyldum Hansen wrote:

> Duncan Brown wrote:
>> Hey all
>>
>> I am forever being bombarded with the current plague of ssh brute force
>> dictionary attacks.
>>
>> In an effort to stop this, I was planning on using Denyhosts. However
>> when I tested my sshd config to see if it would work, as detailed here:
>>
>> http://denyhosts.sourceforge.net/ssh_config.html
>>
>> it connected fine. So I guess I haven't got sshd running with tcp wrappers.
>>
>> How do I go about doing this?
>
> I suggest using IPtables.
> You can either allow only the hosts you want or block those brute force
> attempts:
> /sbin/iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
> /sbin/iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 4 -j REJECT --reject-with icmp-admin-prohibited
>
> This gives them 4 attempts...
> _______________________________________________
> tsl-discuss mailing list
> [email protected]
> http://lists.trustix.org/mailman/listinfo/tsl-discuss

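
The rate limit set up by the two quoted iptables rules, modelled as an added example that is not part of the original thread. It assumes a single source address and the semantics of the current xt_recent match; the timestamps are constructed, and `simulate` and its `refresh` parameter are hypothetical names (`refresh=False` models `--rcheck` in place of `--update`).

```python
# Added example: simplified model of the two `recent` rules quoted above.
# Assumptions: one source address, default list name, semantics of the
# current xt_recent match; all timestamps are constructed sample data.

WINDOW = 120    # --seconds 120
HITCOUNT = 4    # --hitcount 4


def simulate(arrivals, window=WINDOW, hitcount=HITCOUNT, refresh=True):
    """Return one verdict per NEW connection to port 22 (times in seconds).

    Both rules were added with -I, so the --update/REJECT rule ends up
    first in INPUT and the --set rule second.
    refresh=True models --update; refresh=False models --rcheck.
    """
    stamps = []      # timestamps stored for this source in the recent list
    verdicts = []
    for now in arrivals:
        # Rule 1: --update --seconds 120 --hitcount 4 -j REJECT
        hits = sum(1 for s in stamps if now - s <= window)
        if hits >= hitcount:
            if refresh:
                stamps.append(now)   # a matching --update records this packet too
            verdicts.append("REJECT")
            continue                 # REJECT terminates; rule 2 is not reached
        # Rule 2: --set records the packet, then later rules decide its fate
        stamps.append(now)
        verdicts.append("PASS")
    return verdicts


if __name__ == "__main__":
    # Dictionary scan, one attempt every 5 s: four get through, the rest do not.
    print(simulate([0, 5, 10, 15, 20, 25]))
    # Administrator opening five sessions within 80 s: the fifth is rejected.
    print(simulate([0, 20, 40, 60, 80]))
    # One attempt every 30 s: --update keeps the source blocked ...
    print(simulate([0, 30, 60, 90, 120, 150, 180]))
    # ... whereas --rcheck would let it back in once old stamps age out.
    print(simulate([0, 30, 60, 90, 120, 150, 180], refresh=False))
```

The second scenario is the practical caveat: the limit counts connections, not failed logins, so scripted scp or rsync runs from one address can trip it as well.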