I love IP Tables....

jdow jdow at earthlink.net
Sat May 26 10:19:27 UTC 2007


From: "Amadeus W.M." <amadeus84 at verizon.net>
>
>> People asked - here is the answer:
>> # Then setup the reject trap
>> $IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
>> $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
>>   --rcheck --seconds 180 --hitcount 2 -j LOG --log-prefix 'SSH REJECT: '
>> $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
>>   --rcheck --seconds 180 --hitcount 2 -j REJECT --reject-with tcp-reset
>>
>>
>> Adapt it to your configuration, of course. {^_^}   (I probably should
>> have included that in the first email for politeness. Please 'scuse me.)
>
> You do know, that if you run ssh on your pet's birthday port, rather than
> 22, you will not see any of the crap brute force attacks, don't you?

Yes, but then I've faced enough port scans to realize that security
through obscurity is horse feathers.

{^_-} 
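Added example, not part of the thread: a small Python model of the quoted --set / --rcheck rule pair, so you can see which SSH SYNs the trap would reject. It assumes xt_recent's default of 20 remembered timestamps per source and uses constructed source addresses and times; a SYN that does not match simply falls through to the rest of the chain.

```python
"""Model of: -m recent --name sshattack --set, then
--rcheck --seconds 180 --hitcount 2 -j REJECT (rule pair quoted above)."""
from collections import defaultdict, deque

WINDOW_SECONDS = 180   # --seconds 180
HITCOUNT = 2           # --hitcount 2
MAX_STAMPS = 20        # xt_recent default ip_pkt_list_tot (assumed)


class RecentList:
    """Per-source ring of packet timestamps, like one xt_recent table."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def set(self, src, now):
        # --set: record this packet's time for the source (every SYN hits it)
        self.stamps[src].append(now)

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck --seconds S --hitcount N: match when at least N recorded
        # packets from src fall inside the last S seconds; does not update
        hits = sum(1 for s in self.stamps.get(src, ()) if now - s <= seconds)
        return hits >= hitcount


def filter_ssh_syns(syns):
    """Apply the two-rule trap to (time, source) SYNs in arrival order.
    Returns one verdict per SYN: 'REJECT' or 'pass' (falls through)."""
    table = RecentList()
    verdicts = []
    for now, src in syns:
        table.set(src, now)                      # rule 1, no -j: match only
        hit = table.rcheck(src, now, WINDOW_SECONDS, HITCOUNT)
        verdicts.append("REJECT" if hit else "pass")   # rules 2+3: LOG, REJECT
    return verdicts


# Constructed sample: a brute-forcer and an admin who reconnects quickly.
SAMPLE_SYNS = [
    (0, "198.51.100.7"), (0, "203.0.113.9"),
    (5, "198.51.100.7"), (100, "203.0.113.9"),
    (170, "198.51.100.7"), (400, "203.0.113.9"), (400, "198.51.100.7"),
]

if __name__ == "__main__":
    for (t, src), v in zip(SAMPLE_SYNS, filter_ssh_syns(SAMPLE_SYNS)):
        print(f"t={t:>4}s {src:<14} {v}")
```

Note the side effect visible in the sample: the admin's second connection 100 s after the first is rejected too, because the trap counts every SYN, not just failed logins; the block lifts once fewer than two SYNs fall inside the trailing 180 s window.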