[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables: identify host with DSL/Fritzbox

On 20/01/2009, at 1:30 PM, Sebastian Rose wrote:

Now the IPs are extracted from logfile lines matching regular
expressions. Each regular expression assigns a certain amount of
`points' to the IP. Once the IP's points reach a maximum (say 100
points), an iptables rule is added.

You should be able to grep ?/var/log/auth.log? and count the number
of failed attempts.

By now, I have no good way to _decrease_ the points again. All IPs are
granted access again after two weeks (configurable), if no new points
are added during that time span.

It would be better, to have different tactics for several groups of
IPs. AFAIK IPs like mine, dynamic ones, are reassigned all 24 hours in
germany (Telekom).  Maybe a second thread (or process) could do a
`whois' for all IPs tracked, and assign the IPs an appropriate
expiration date.

Based on this info, I would just reset the count after 12 hours - write
a timestamp in your file 'lock file' when you create the entry.

This leads to the question: is there a way to be certain, that an IP is
a dynamic one?

No - there isn't

I noticed, that the `whois' for dynamic IPs has no `[Admin-C]'
section. Could I depend on this fact?

No, and please don't. This is NOT what the whois servers are for.

Could I run a second shhd too? That one would use the same certificate
and different port and config. It would allow just one special user with
a long and akward name and password.

It sounds like you are looking for something like 'knockd'

Something like this may be an option for you:

Best regards,


Reply to: