Odd ssh attacks?

Thu Jul 19 12:23:32 UTC 2007

Matthew Carpenter wrote:
> On Thursday 19 July 2007, David Ford wrote:
>   
>> [...]
>> iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>> iptables -A INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m
>> recent --name sshprobe --set -j ACCEPT
>> iptables -A INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m
>> recent --name sshprobe --update --seconds 60 --hitcount 3 -j LOGDROP
>> [...]
>>
>> ...making it happen in kernel space where it's far less resource
>> intensive and doesn't require any additional software installation or
>> configuration.
>>
>> -david
>>     
>
> Thank you David!  That's something I didn't know about.
>   
my pleasure :)