On Tuesday 22 November 2005 2:14 am, Knute Johnson wrote:
What I did here for a while was run what amounts to a simple shell script that grabbed the IPs of the attacking machines and stuffed them into an IP-level filter against all traffic from that machine. This still allowed the attacker to have 5-10 seconds of fun, but life got really boring for them after that.
-wolfgang
I found an idea that uses the recent module of iptables. Was easy to write and works really well. The first connection gets through but fails because of the public/private key setup, and the second connection is dropped. I know that it uses some CPU time, and that isn't a consideration on my machine with only one user, but after two tries they go away. Before I put the chains into iptables they would attack for as much as an hour or more. I would guess that would use more CPU over time.
Wolf: Thanks again for the instructions on the p/p key setup.
-- Knute Johnson Molon Labe...
A while back there was discussion on the list about a script that monitored /var/messages and /var/secure and would write a rule to block an IP address after "x" number of attempts to log in. I could not find the reference that I kept. You might try searching the list, but the scripts were very good.
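The kind of log-watching blocker mentioned in this thread, as an added example that is not part of the original messages and is not the script the posters refer to. It assumes the standard OpenSSH "Failed password for ... from <ip> port <n> ssh2" log line; the function names, the threshold and the sample log are constructed for illustration, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example (not from the thread): count failed sshd password logins per
# source IP and print, without running, a DROP rule once an IP hits the limit.

# offenders LIMIT: reads sshd log lines on stdin and prints each IP that
# reaches LIMIT failures (once, at the moment it reaches the limit).
offenders() {
    awk -v limit="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is attacker-controlled text and may itself contain
        # "from <ip>", so read the address from the fixed tail of the line:
        #   ... from <ip> port <n> ssh2
        if ($NF != "ssh2" || $(NF-2) != "port" || $(NF-4) != "from") next
        ip = $(NF-3)
        # Only a dotted quad may end up inside a firewall rule.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (++count[ip] == limit) print ip
    }'
}

# block_rules LIMIT: turns the offenders into iptables commands (dry run).
block_rules() {
    offenders "$1" | while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample log; addresses are documentation ranges.
sample_log() {
    cat <<'EOF'
Nov 22 02:10:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov 22 02:10:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Nov 22 02:10:05 host sshd[1003]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Nov 22 02:10:06 host sshd[1004]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Nov 22 02:10:07 host sshd[1005]: Accepted publickey for alice from 198.51.100.9 port 51001 ssh2
Nov 22 02:10:08 host sshd[1006]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.50 port 40004 ssh2
EOF
}

# With a limit of 3, only 203.0.113.7 is listed for blocking.
sample_log | block_rules 3
```

The last sample line shows why the address is taken from the end of the line: the user name field contains a forged "from 192.0.2.1", and a parser that took the first "from" would block an address chosen by the attacker.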