Fernando Lopez-Lezcano wrote:
> Another option is a service called denyhosts, it adds entries
> to /etc/hosts.deny for each host from which a defined number of failed
> logins happen. So the attacking hosts are dropped out as they try
> passwords and hopefully fail...
While effective, this can result in a DoS against your machine.
However, I do something similar with the firewall. I found a good firewall
script here:
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.h
tml#s-firewall-setup
And I added this rule:
#
# This is to limit all those ssh bots
#
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW
-m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW
-m recent --set --name DEFAULT --rsource
Which temporarily ignores traffic from a host if they hit my SSH port 4 times in
60 seconds.
However, in the past few months, the scripts that are attacking the ssh ports
have taken on a distributed attack vector that is able to circumvent this
firewall rule.
HTH,
Gabriel
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@email-addr-hidden
http://lists.linuxaudio.org/mailman/listinfo/linux-audio-dev
Received on Sun Feb 15 08:15:01 2009
This archive was generated by hypermail 2.1.8 : Sun Feb 15 2009 - 08:15:01 EET