On Tue, Feb 14, 2006 at 07:55:58AM +1100, Voytek Eymont wrote:
> as of a few weeks ago, my log watch has swollen up well over 500k, full of
> dictionary ? attempted attacks like below:
>
> is there much I can do ? like to prevent multiple attempts from same IP ?

I have the following configured to drop connections after four ssh
connections from the same address in the space of 60 seconds, using
ipt_state:

    iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
        --set --name SSH --rsource
    iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
        --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j DROP

Cheers,
Paul
--
Paul Dwerryhouse | PGP Key ID: 0x6B91B584
========================================================================
Installing Debian Sarge with software RAID:
http://nepotismia.com/debian/raidinstall/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
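
Added example (not part of the original message or of Paul's configuration): a small Python model of how the two `recent` rules above treat a stream of new SSH connections, following the documented behaviour of --set and --update. It assumes every packet is a NEW packet to port 22 with an unchanged TTL (so --rttl never excludes it); the class and function names, addresses and timings are constructed for illustration.

```python
# Simplified model of the two `recent` rules in the message above (added example).
# Assumptions: every packet is a NEW TCP packet to port 22 with an unchanged TTL
# (so --rttl never excludes it), and the per-source list never overflows.
from collections import defaultdict

SECONDS = 60    # --seconds 60
HITCOUNT = 4    # --hitcount 4


class RecentList:
    """Per-source timestamp list, like the one named SSH in the rules."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def new_connection(self, src, now):
        """Return 'DROP' or 'CONTINUE' for one NEW packet from src at time now (s)."""
        seen = self.stamps[src]
        # Rule 1 (--set): always record this packet, then fall through.
        seen.append(now)
        # Rule 2 (--update --seconds 60 --hitcount 4): count recorded hits,
        # including the one just set, that fall inside the last 60 seconds.
        hits = sum(1 for t in seen if t > now - SECONDS)
        if hits >= HITCOUNT:
            # --update refreshes the entry when it matches, so a source that
            # keeps retrying while blocked keeps extending its own block.
            seen.append(now)
            return "DROP"
        return "CONTINUE"  # handled by whatever rules follow in INPUT


def replay(events):
    """events: iterable of (time_in_seconds, source_ip); returns list of verdicts."""
    table = RecentList()
    return [table.new_connection(src, t) for t, src in events]


if __name__ == "__main__":
    # Constructed traffic: 203.0.113.5 guesses rapidly, 198.51.100.7 is a normal user.
    sample = [(0, "203.0.113.5"), (10, "203.0.113.5"), (20, "203.0.113.5"),
              (25, "198.51.100.7"), (30, "203.0.113.5"), (65, "203.0.113.5"),
              (130, "203.0.113.5")]
    for (t, src), verdict in zip(sample, replay(sample)):
        print(f"t={t:>3}s {src:<13} {verdict}")
```

In this model the fourth attempt inside 60 seconds is the first one dropped, and the retry at t=65 is still dropped because the entry was refreshed at t=30; the source is let through again only once it has been quiet long enough.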