John L Fjellstad wrote:

> I usually enable the recent module in iptables, which means that you can
> only login once every 1 minute or so. It usually gives the attacker only
> one try before they get shut down.
>
> Example:
>
> # allow established and related connections
> /sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> # if a NEW or INVALID packet comes in, and its source is in our recent list
> # within the last 60 seconds, drop the packet (and refresh its timestamp)
> /sbin/iptables -A INPUT -m state --state NEW,INVALID -m recent --update \
>     --seconds 60 -j DROP
>
> # allow new connections to the ssh port, and add the source ip address
> # to our recent list
> /sbin/iptables -A INPUT -p tcp --dport ssh -m state --state NEW,INVALID \
>     -m recent --set -j ACCEPT
>
> [msg snipped]
>
> Also, in /etc/hosts.deny, set
>
> ALL: PARANOID
Thanks for the tip on iptables. iptables looks a bit heavy for me (lots of reading to do). So currently I am using /etc/hosts.allow and /etc/hosts.deny for controlling the IPs which can ssh into this machine. If I find them inadequate, I will use iptables.

raju
-- 
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
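As an added illustration that is not part of either message, the following Python model walks the three quoted rules in order under the documented `-m recent` semantics (`--set` records the source address, `--update --seconds 60` matches an address seen within the window and refreshes its timestamp). It goes one step beyond the post by also modelling `--rcheck`, which matches without refreshing, to show why `--update` keeps a persistent retrier locked out. The rule chain, the 60-second window and the traffic samples are constructed for this example.

```python
# Constructed simulation of the quoted iptables chain; not real packet filtering.
# Assumption: -m recent --update/--rcheck match only if the source was seen within
# --seconds, and --update additionally refreshes the "last seen" timestamp.

class RecentList:
    """Models one -m recent list keyed by source address."""
    def __init__(self, window=60, refresh=True):
        self.window = window
        self.refresh = refresh   # True models --update, False models --rcheck
        self.last_seen = {}

    def set(self, src, now):     # models --set
        self.last_seen[src] = now

    def match(self, src, now):   # models --update / --rcheck with --seconds
        seen = self.last_seen.get(src)
        if seen is None or now - seen > self.window:
            return False
        if self.refresh:
            self.last_seen[src] = now
        return True


def decide(packet, recent):
    """Walk the chain in the quoted order and return the verdict for one packet."""
    state, src, dport, now = packet  # constructed (conntrack state, src, dport, time)
    # rule 1: -m state --state RELATED,ESTABLISHED -j ACCEPT
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    # rule 2: -m state --state NEW,INVALID -m recent --update --seconds 60 -j DROP
    if state in ("NEW", "INVALID") and recent.match(src, now):
        return "DROP"
    # rule 3: -p tcp --dport ssh -m state --state NEW,INVALID -m recent --set -j ACCEPT
    if state in ("NEW", "INVALID") and dport == 22:
        recent.set(src, now)
        return "ACCEPT"
    return "POLICY"   # falls through to the chain's default policy


def run(packets, refresh=True):
    """Return the verdict for each packet in sequence, sharing one recent list."""
    recent = RecentList(60, refresh)
    return [decide(p, recent) for p in packets]


# Constructed traffic: a brute-forcer retrying every 25-50 s (documentation
# address 198.51.100.7), and an admin who waits over a minute between attempts.
ATTACKER = [("NEW", "198.51.100.7", 22, t) for t in (0, 30, 55, 80, 130)]
ADMIN = [("NEW", "192.0.2.10", 22, 0), ("NEW", "192.0.2.10", 22, 61)]
```

With `--update` the attacker's own retries keep refreshing the timestamp, so only the first attempt reaches sshd; with `--rcheck` the window would expire and let a fourth attempt through.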