Re: stopping ssh attacks
Thomas Stivers wrote:
I have been getting a huge number of attempts to log into my box via ssh
which fail with invalid username entrys in the logs. Is there already a
package which will let me look through the logs and dynamically add
iptables rules to drop anything from these scanning addresses after
something like 3 attempts. I know I can set up hosts.allow and
hosts.deny to only allow ssh in from particular ip's, but I'd rather not
do that. Any suggestions would be appreciated.
get 'chkrootkit' (www.chkrootkit.org) and 'rootkit hunter'
(www.rootkit.nl) and check your box.
info regarding portnocking: www.portknocking.org (my fav. is Sadoor)