[SATLUG] "Recent" module in iptables - block attacks
Channing
channing-c at satx.rr.com
Thu Dec 21 14:56:08 CST 2006
Thomas King wrote:
> Has anyone used iptables as described in
> http://www.debian-administration.org/articles/187 to block ssh attacks? I
> currently use DenyHosts to help protect ssh, but it runs every few
> minutes. It looks like this method would work closer to real time.
>
> Thanks!
> Tom King
>
I can't comment on those techniques, but one of the best methods I use
is a sensor on port 22. I then run sshd on a non-standard port. The
documentation on SENSOR is the xinetd.conf man page. There are other
things that I do against the port that accepts ssh connections, but that
goes into areas like the article you sent would address (port-knocking,
firewall rules, ACLs within sshd's configuration).
HTH,
Channing
--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
More information about the SATLUG
mailing list