brute force ssh attack
P. Thompson
ptfedora at majordomo.thedacare.org
Sat May 7 02:09:40 UTC 2005
On Wed, 4 May 2005, Daniel B. Thurman wrote:
> Folks,
>
> Seems that I am getting daily brute-force ssl attacks --
> Anything I can or should do?
>
I wrote a little script that adds an iptables rule to drop the attacking
ip address for an hour then remove the block. An hour might be overkill,
but they never come back from the same address.
It does not block on false users from IP ranges I normally come in from so
if I fat-finger my login I'm not screwed for an hour.
I keep my sshd unblocked because I periodically ssh in from previously
unknown quarters and want that flexibility.
More information about the users
mailing list