I'm writing a reactive bash script this weekend to take care of the problem. 
Can't load Python on these embedded servers, or I'd just use the denyhosts 
script Josh and George suggested.
The idea of generating a common database of offending IPs to propagate to 
all our servers is a good one too; that will be in Version 2 :-)

Thanks,

Tom S.

----- Original Message ----- 
From: "Butch Evans" <but...@butchevans.com>
To: "Tom Sharples" <tsharp...@qorvus.com>; "WISPA General List" 
<wireless@wispa.org>
Sent: Saturday, May 02, 2009 12:18 PM
Subject: Re: [WISPA] Crude dictionary attack via ssh


> On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote:
>> This works too :-)
>>
>> iptables -A INPUT -s 213.165.154.53/24 -j DROP
>
> It does for sure.  The only problem is that this one host is not the
> only one to be concerned about.  If you have a router at the border of
> the network that has the capability of watching the network for this
> type of behaviour and responding to it, then I'd suggest adding that
> function there.
>
> The denyhosts script that Josh suggested works, but it is a reactive
> script.  In other words, it watches the log file and does what you
> suggest automatically.  At least that's what I saw the first time I
> looked at it.
>
> A better approach is the one that Eje suggested.  His suggestion uses a
> router (probably Mikrotik in his case) that watches for this behaviour
> and drops all traffic from this host automatically.  You can do this
> with Mikrotik, ImageStream or any other OS that includes iptables and
> the "recent module".  It's not even that hard to do.
>
> -- 
> ********************************************************************
> * Butch Evans                   * Professional Network Consultation*
> * http://www.butchevans.com/    * Network Engineering              *
> * http://www.wispa.org/         * WISPA Board Member               *
> * http://blog.butchevans.com/   * Wired or Wireless Networks       *
> ********************************************************************
>
> 
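
Added example, not part of either message above: a POSIX sh and awk version of the reactive log-watching approach discussed in this thread, for hosts that cannot run Python. The OpenSSH syslog line format, the threshold, the whitelist address and all function names are assumptions; the log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSH-style syslog lines.
THRESHOLD=${THRESHOLD:-5}           # failed logins before an address is blocked
WHITELIST=${WHITELIST:-192.0.2.10}  # placeholder: addresses that are never blocked

# offenders: sshd log on stdin -> offending IPv4 addresses, one per line, sorted.
offenders() {
    awk -v max="$THRESHOLD" -v allow="$WHITELIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Line tail is "... from <ip> port <n> ssh2". The user name is text sent
        # by the client, so the address is located by counting fields from the
        # end of the line rather than by searching for the first "from".
        /sshd\[[0-9]+\]: Failed password for / && NF >= 5 &&
        $(NF - 4) == "from" && $(NF - 2) == "port" {
            ip = $(NF - 3)
            if (split(ip, o, ".") != 4) next
            for (j = 1; j <= 4; j++)
                if (o[j] !~ /^[0-9]+$/ || o[j] > 255) next
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= max) print ip }
    ' | sort
}

# block_rules: print one iptables command per offender; review, then pipe to sh.
block_rules() {
    offenders | while read -r ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 22 -j DROP"
    done
}

# sample_log: constructed log lines (documentation addresses) for a dry run.
sample_log() {
    for i in 1 2 3 4 5 6; do
        echo "May  2 12:00:0$i gw sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 4100$i ssh2"
        echo "May  2 12:02:0$i gw sshd[2302]: Failed password for root from 192.0.2.10 port 4200$i ssh2"
    done
    echo "May  2 12:03:00 gw sshd[2310]: Failed password for root from 198.51.100.9 port 51000 ssh2"
    echo "May  2 12:03:09 gw sshd[2311]: Accepted password for tom from 198.51.100.9 port 51002 ssh2"
}

sample_log | block_rules   # dry run: prints the rule for 203.0.113.7 only
```

On a real host the input would be the sshd log file instead of `sample_log`. Running it repeatedly over the same log prints the same rules again, so keep a list of addresses already blocked before piping the output to sh.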


