[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: blocking IPs that try to crack SSH, is portsentry what I want?

Anonymous wrote:
I get loads of this crap in my auth.log file,

Failed password for illegal user root from ...
Failed password for illegal user webmaster from ...
Failed password for illegal user data from ...

sometimes almost 100 attempts in series from the same IP. I
want to install something that will block an offensive IP
indefinitely after a few bad attempts (say 3 or 4 rather
than 1, since I occasionally make typos when logging in!).

Is portsentry the package I want in order to do this?
Is it easy to configure to do what I want?

IIRC Port Sentry operates by blocking connections to ports that are
un-used, i.e. if you were not using SSH and someone connected to port 22
then PortSentry would activate and update IPTables to block the IP.
However it will not stop connections to ports where services are listening.

Do you need to allow access to SSH from anywhere, or can you just place
a few rules into your IPTables firewall script to only accept
connections from specific IP's?

That said, the simple solution would be to change the default SSH port
from 22 to something unobvious.



Reply to: