Re: failed root login attempts
On Sun, 19 Sep 2004, Dossy Shiobara wrote:
> On 2004.09.19, martin f krafft <madduck@madduck.net> wrote:
> > Other than blacklisting the IPs (which is a race I am going to
> > lose),
> Why do you say that? I haven't seen this more than a few times a week
> so I haven't bothered to do anything yet, but I'm very close to writing
> a script that tail's the syslog and on more than X repeat failures,
> add a rule to iptables -j DROP traffic from the offending IP address.
>
> If I'm feeling nice, I'll keep a list of the IPs that have been
> temporarily blacklisted with a timestamp of when they were added, and
> expire them after X time has passed ...
why don't you create host based access controls?
or use only public key authentication?
I'm using that for a few years without any problems...
ByeZ,
WaS
Reply to: