debian at herakles.homelinux.org
Thu Jan 26 23:49:31 UTC 2006
Steven J Lamb wrote:
> I am trying to create a script to block people using hosts.deny. I
> realize that I should just block everyone and then open access for those
> whom I know I trust but because of the nature of our network this is not
> possible. basically I check log files for login attempts every five
> minutes and block those that attempt to log in more than 3 times that
This is too late. An automated attack may well be completed in this
window of time.
Instead, use another port as a door-knock: when someone tries to connect
to <some port>, then allow connexions to ssh for a short time.
For an automated connexion from a remote site, something like this:
echo | nc example.com <some port>
The nc command is contained in the netcat package.
I think I've seen how to implement this door knock entirely in iptables
recently, but didn't note the details.
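One way to build the single-port door-knock just described with iptables' "recent" match, as an added example (not from the original post or from Debian's tooling): a knock on one port records the source address, ssh is then accepted from that address for a short window, and everything else to ssh is dropped. The knock port 1234 and the 30-second window are constructed placeholders; the recent match is assumed to be available in the kernel.

```shell
#!/bin/sh
# Single-port door-knock using iptables' "recent" match (assumed present).
# A knock on $KNOCK_PORT records the source IP; ssh is accepted from that IP
# for $WINDOW seconds, after which the final DROP applies again.
KNOCK_PORT="${KNOCK_PORT:-1234}"   # constructed placeholder knock port
SSH_PORT="${SSH_PORT:-22}"
WINDOW="${WINDOW:-30}"             # seconds ssh stays open after a knock
IPT="${IPT:-iptables}"

# Emit the rules one per line so they can be reviewed before being applied.
knock_rules() {
    knock="$1"; ssh="$2"; window="$3"
    cat <<EOF
$IPT -A INPUT -p tcp --dport $ssh -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport $knock -m recent --name knock --set -j DROP
$IPT -A INPUT -p tcp --dport $ssh -m recent --name knock --rcheck --seconds $window -j ACCEPT
$IPT -A INPUT -p tcp --dport $ssh -j DROP
EOF
}

# Dry run by default (prints the rules); pass --apply to load them as root.
# The ESTABLISHED rule keeps a session that was already accepted alive after
# the window closes; only new connection attempts are blocked again.
apply_knock() {
    if [ "${1:-}" = "--apply" ]; then
        knock_rules "$KNOCK_PORT" "$SSH_PORT" "$WINDOW" | sh -e
    else
        knock_rules "$KNOCK_PORT" "$SSH_PORT" "$WINDOW"
    fi
}

apply_knock "$@"
```

Because the knock port itself DROPs, the `echo | nc example.com <some port>` knock from the post never gets a reply, so give nc a short timeout (`nc -w 1 ...`) rather than letting it wait.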
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list