On Tue, Feb 14, 2006 at 07:55:58AM +1100, Voytek Eymont wrote:
> as of few weeks ago, my log watch has swollen up well over 500k, full of
> dictionary ? attempted attacks like below:
>
> is there much I can do ? like to prevent multiple attempts from same IP ?

I have the following configured to drop connections after four ssh
connections from the same address in the space of 60 seconds, using
ipt_state:

iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
  --set --name SSH --rsource
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j DROP

Cheers,

Paul

-- 
Paul Dwerryhouse | PGP Key ID: 0x6B91B584
========================================================================
Installing Debian Sarge with software RAID:
http://nepotismia.com/debian/raidinstall/
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
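
Added example, not part of Paul's message: a simplified Python model of the two rules above, run over constructed connection times, showing which NEW packets to port 22 the second rule drops. It assumes the recent match's default of 20 remembered timestamps per address and ignores --rttl; the class, function and sample addresses are made up for the illustration.

```python
from collections import defaultdict, deque

SECONDS = 60      # --seconds 60
HITCOUNT = 4      # --hitcount 4
MAX_STAMPS = 20   # assumed default number of timestamps kept per address


class RecentList:
    """Simplified model of one `recent` list (--name SSH), keyed by source."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def rule_set(self, src, now):
        # Rule 1 (--set): record this NEW packet; no target, so fall through.
        self.stamps[src].append(now)

    def rule_update(self, src, now):
        # Rule 2 (--update ... -j DROP): match when at least HITCOUNT stamps
        # fall inside the window. A match records another stamp, so dropped
        # attempts keep counting against the source.
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False


def verdicts(events):
    """events: (time_in_seconds, source) per NEW packet to port 22, in order."""
    recent = RecentList()
    out = []
    for now, src in events:
        recent.rule_set(src, now)
        dropped = recent.rule_update(src, now)
        # PASS means "not dropped here"; later rules still decide the packet.
        out.append((now, src, "DROP" if dropped else "PASS"))
    return out


# Constructed sample traffic (documentation addresses, not from the thread).
SAMPLE = [(0, "192.0.2.10"), (10, "192.0.2.10"), (15, "198.51.100.7"),
          (20, "192.0.2.10"), (30, "192.0.2.10"), (70, "192.0.2.10"),
          (100, "192.0.2.10")]

if __name__ == "__main__":
    for now, src, verdict in verdicts(SAMPLE):
        print(f"t={now:>3}s  {src:<13} {verdict}")
```

In this model the fourth connection inside 60 seconds is the first one dropped, because the --set rule has already counted it by the time the --update rule runs.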