Odd ssh attacks?
David Ford
david at blue-labs.org
Fri Jul 20 13:57:23 UTC 2007

Putting them in hosts.deny uses a lot more resources than iptables.
Iptables is your first line of defense encountered when a packet arrives
at your machine. There is no context switch into userland. The CPU
cycles, RAM, and disk use to block connections in userland instead of
via iptables is far more expensive.

The iptables method is extremely fast, entirely reliable and entirely
automatic. No log processing needed, no crontab entries. No need to
run inetd and tcpwrappers. No need for any userland interaction save
for the iptables startup when you boot your machine.

It isn't better to use hosts.deny instead of iptables. It's much slower
and a little more error prone.

-david

Njoku, George O. wrote:
> I constantly monitor my log files ( ssh = /var/log/secure - fedora
> )...(/var/log/auth.log for Ubuntu)
>
> I wrote a Perl script and put it in cron (4 times an hour) to block IPs of
> probes-"Invalid Users".
> Normally ssh client bots keep trying different users to brute force
> their way in.
>
> Rather than having them constantly trying to flood my network with
> requests, I just block IP.
> Currently, I use iptables, but it could be better to put them in
> hosts.deny
>
> I know...unconventional, but ok.
>
> George
>
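
The log-driven blocking described in the quoted message, as an added example that is not part of the original thread (Python rather than the Perl script mentioned, which is not shown): it counts sshd "Invalid user" lines per source address and builds iptables DROP rules without running them. The log lines, the threshold of 3 and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of sshd entries in /var/log/secure
# or /var/log/auth.log; all addresses are from documentation ranges.
SAMPLE_LOG = """\
Jul 20 13:41:02 host sshd[2101]: Invalid user admin from 203.0.113.5
Jul 20 13:41:04 host sshd[2103]: Invalid user test from 203.0.113.5
Jul 20 13:41:07 host sshd[2105]: Invalid user oracle from 203.0.113.5
Jul 20 13:42:11 host sshd[2110]: Invalid user guest from 198.51.100.7
Jul 20 13:42:30 host sshd[2112]: Invalid user x from 192.0.2.10 from 203.0.113.5
Jul 20 13:43:00 host sshd[2115]: Accepted password for george from 192.0.2.10 port 40022 ssh2
"""

# The user name field is client-supplied text and may itself contain
# " from <ip>". The greedy (.*) and the end-of-line anchor make the match
# take the last address on the line, which is the one sshd recorded.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (.*) from (\S+?)(?: port \d+)?$")

def offenders(log_text, threshold=3):
    """Return sorted source IPs with at least `threshold` invalid-user lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not a literal address: never hand it to a command
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def block_rules(ips, allowlist=()):
    """Build iptables/ip6tables argument lists; nothing is executed here."""
    rules = []
    for ip in ips:
        if ip in allowlist:  # keep known-good hosts from being locked out
            continue
        tool = "iptables" if ipaddress.ip_address(ip).version == 4 else "ip6tables"
        rules.append([tool, "-I", "INPUT", "-s", ip, "-p", "tcp",
                      "--dport", "22", "-j", "DROP"])
    return rules

if __name__ == "__main__":
    for rule in block_rules(offenders(SAMPLE_LOG)):
        print(" ".join(rule))
```
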