Re: Temporarily Disable IP
> Is there a way to temporarily disable such IPs which fail to authenticate ?
Doing each of these things has had a dramatic impact on the number of brute
force attempts I see:
1) limit the ips with a blacklist -> at continental granuarity
2) limit the accounts that can login
3) limit the number of attempts to 3 per 5 minutes per ip
1) I used the raw ip blocks from "krfilter" to make a shorewall blacklist
to disallow access from asian ips. (Not a good idea for a machine serving
web pages or mail of course, this is for a personal machine.) If someone
has a list of australian, european, etc I'd add those too...
You can get the list I'm using for that from:
2) I also limit the users with "AllowUsers" in my sshd_config.
3) I followed these directions to get a "3 strikes and you're out for 5
minutes" policy with shorewall (it's not totally spelled out but it will
get you really close):
Dale E. Martin - email@example.com