Odd ssh attacks?

Felipe Figueiredo philsf79 at gmail.com
Fri Jul 20 13:06:11 UTC 2007


On Thursday 19 July 2007 12:30:02 Derek Broughton wrote:
> Art Edwards wrote:
> 
> > Two other things you can do (I'm doing these, FWIW)
> > 
> > 1. For each IP address you encounter, you can set up a stanza in your
> > iptables firewall.
> > 
> > For example,
> > $IPTABLES -I INPUT -s 203.127.160.155 -j DROP
> 
> Note that this is OK for a home user, probably not a good idea for the
> Corporate webserver, as you are banning everybody who will ever use the
> same IP address (think dial up users, and folks behind NATed firewalls).
 
Second that. That's what fail2ban (available in your favorite universe) is 
about. It blocks an offending IP (after some failed login attempts) for a 
predetermined period.

This of course introduces the vast world of NIDSs, which come along with tons 
of documentation. But fail2ban's defaults are nice for a small system (after 
5 attempts, block for half an hour), which makes it fairly plug n play to 
install.

regards
FF

-- 
- Because it breaks the reading flow.
- Why is it not good to write the reply on top of the email?
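
The time-limited ban described in the message above, as an added example that is not part of the original post and is not fail2ban's own code: a small simulation that counts failed sshd logins per address and lifts each ban after half an hour. The 600-second counting window, the log line layout and the sample addresses are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

MAXRETRY = 5     # failed logins before a ban (default quoted in the post)
BANTIME = 1800   # ban length in seconds (half an hour, as in the post)
FINDTIME = 600   # assumption: failures only count within this window (s)

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) ")

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE = [f"Jul 20 13:00:0{s} host sshd[4242]: Failed password for root "
          f"from 203.0.113.7 port 40000 ssh2" for s in range(1, 6)] + [
    "Jul 20 13:00:10 host sshd[4250]: Failed password for invalid user bob "
    "from 198.51.100.9 port 40001 ssh2",
    "Jul 20 13:00:20 host sshd[4251]: Failed password for art "
    "from 198.51.100.9 port 40002 ssh2",
    "Jul 20 13:31:00 host sshd[4290]: Failed password for art "
    "from 198.51.100.9 port 40003 ssh2",
]

def parse(line, year=2007):
    """Return (epoch_seconds, ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts.replace(tzinfo=timezone.utc).timestamp(), m.group(2)

def simulate(lines):
    """Return (action, ip, epoch_seconds) events for bans and their expiry."""
    failures, banned_until, events = defaultdict(deque), {}, []
    for now, ip in filter(None, map(parse, lines)):
        for old_ip, until in list(banned_until.items()):
            if until <= now:              # ban has run its course: lift it
                events.append(("unban", old_ip, until))
                del banned_until[old_ip]
        if ip in banned_until:
            continue                      # still blocked, nothing to count
        recent = failures[ip]
        recent.append(now)
        while recent[0] <= now - FINDTIME:
            recent.popleft()              # forget failures outside the window
        if len(recent) >= MAXRETRY:
            banned_until[ip] = now + BANTIME
            events.append(("ban", ip, now))
            recent.clear()
    return events
```

Running `simulate(SAMPLE)` yields one ban and one matching unban for the address with five failures, while the address with three spread-out failures is never blocked.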