
Re: Temporarily Disable IP

> Is there a way to temporarily disable such IPs which fail to authenticate ?

Doing each of these things has had a dramatic impact on the number of brute
force attempts I see:
1) limit the ips with a blacklist -> at continental granularity
2) limit the accounts that can login
3) limit the number of attempts to 3 per 5 minutes per ip

1) I used the raw ip blocks from "krfilter" to make a shorewall blacklist
to disallow access from Asian ips.  (Not a good idea for a machine serving
web pages or mail of course, this is for a personal machine.)  If someone
has a list of Australian, European, etc I'd add those too...

You can get the list I'm using for that from:

2) I also limit the users with "AllowUsers" in my sshd_config.

3) I followed these directions to get a "3 strikes and you're out for 5
minutes" policy with shorewall (it's not totally spelled out but it will
get you really close):

Take care,
Dale E. Martin - dale@the-martins.org
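
Added example, not part of the original message and not shorewall configuration: a small Python simulation of the "3 attempts per 5 minutes per ip" policy from point 3, run over constructed connection attempts. The function names, the `count_dropped` switch and the sample addresses are assumptions made for illustration; the switch shows how much the result depends on whether dropped attempts also count toward the limit.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 3       # "3 strikes" from the message
WINDOW_SECONDS = 300   # "5 minutes" from the message


def apply_policy(attempts, count_dropped=True):
    """Apply a per-IP sliding-window limit to (unix_time, ip) pairs sorted by time.

    count_dropped (assumed knob): if True, dropped attempts are also recorded,
    so a client that keeps hammering never gets back in. If False, only
    accepted attempts are recorded and the client regains 3 tries per window.
    Returns a list of (unix_time, ip, "ACCEPT" | "DROP").
    """
    seen = defaultdict(deque)  # ip -> timestamps still inside the window
    decisions = []
    for ts, ip in attempts:
        window = seen[ip]
        # Forget attempts that have aged out of the 5-minute window.
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        verdict = "ACCEPT" if len(window) < MAX_ATTEMPTS else "DROP"
        if verdict == "ACCEPT" or count_dropped:
            window.append(ts)
        decisions.append((ts, ip, verdict))
    return decisions


def accepted_per_ip(decisions):
    """Count how many attempts from each IP got through."""
    totals = defaultdict(int)
    for _, ip, verdict in decisions:
        if verdict == "ACCEPT":
            totals[ip] += 1
    return dict(totals)


# Constructed sample (documentation address ranges, not real traffic):
# one client retrying every 10 s for 400 s, one user connecting twice.
ATTACKER = "203.0.113.7"
USER = "198.51.100.20"
SAMPLE = sorted([(t, ATTACKER) for t in range(0, 401, 10)]
                + [(50, USER), (200, USER)])

if __name__ == "__main__":
    for strict in (True, False):
        print("count_dropped =", strict,
              accepted_per_ip(apply_policy(SAMPLE, strict)))
```

With dropped attempts counted, the retrying client gets 3 connections in total; without, it gets 3 more once the first window expires, while the occasional user is unaffected either way.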
