
Re: SSH Cracking Attempts



On Thu, Sep 30, 2004 at 08:58:26AM -0500, Jacob S wrote:

> No, I already have root logins disabled via ssh. Now I'd like to get
> something setup that starts blocking ips automatically when it sees a
> certain number of failed logins. Not blocking based on username, but
> blocking based on ip addresses or even mac addresses (since I notice
> iptables is capable of filtering on mac addresses).

Filtering by MAC address is only possible on your local network,
unless you simply wish to block your own isp's routers. I don't think
one should ever be writing firewall rules based on MAC addresses,
unless you are "fixing" something that is broken and can't be fixed
any other way ... the whole point of the higher level abstraction of
tcp/ip is that we don't have to deal with mac addresses.

There's really no reason to be blocking addresses "automatically"
based on certain criteria; it usually doesn't make you any less
vulnerable and complicates things unnecessarily; it's just more
trouble than it's worth.

-- 
  _   _   _   _   _   _   _   _   _   _   _   _   _  
 / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 
( t | i | m | @ | i | t | . | k | p | t | . | c | c )
 \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ 
GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF  DC21 2807 D7D3 09CA 85BF
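As an added illustration of the first step Jacob describes (counting failed logins per source address before anything is blocked), not code from this thread: it parses constructed OpenSSH syslog lines and reports addresses that reach a failure threshold inside a time window, so slow trickles of a failure an hour apart are not confused with a password-guessing run. The log format, host name and sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines (not from the original thread).
SAMPLE_LOG = """\
Sep 30 08:58:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2
Sep 30 08:58:03 bastion sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 40215 ssh2
Sep 30 08:58:04 bastion sshd[4105]: Failed password for root from 203.0.113.5 port 40219 ssh2
Sep 30 08:58:06 bastion sshd[4107]: Failed password for invalid user guest from 203.0.113.5 port 40222 ssh2
Sep 30 08:58:07 bastion sshd[4109]: Failed password for invalid user oracle from 203.0.113.5 port 40230 ssh2
Sep 30 08:59:10 bastion sshd[4120]: Failed password for jacob from 198.51.100.7 port 51002 ssh2
Sep 30 08:59:18 bastion sshd[4122]: Accepted publickey for jacob from 198.51.100.7 port 51004 ssh2
Sep 30 09:20:00 bastion sshd[4200]: Failed password for root from 192.0.2.9 port 33001 ssh2
Sep 30 10:20:00 bastion sshd[4300]: Failed password for root from 192.0.2.9 port 33002 ssh2
"""

# Matches only "Failed password" lines; "Accepted ..." and unrelated daemons are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text, year=2004):
    """Yield (timestamp, user, ip) for each failed-password line (syslog omits the year)."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def offenders(log_text, threshold=5, window_seconds=600):
    """Return {ip: total_failures} for addresses with >= threshold failures in any window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in parse_failures(log_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until times[start..end] fits inside window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged
```

Run against a real /var/log/auth.log the result is a list of candidates to look at, which is where Tim's objection applies: the decision to block is a separate step from the count.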


