Re: stopping ssh attacks

On Thu, Jun 16, 2005 at 10:16:43AM -0400, Ugo Bellavance wrote:
> michael wrote:
> > On Thu, 2005-06-16 at 09:05 -0500, Thomas Stivers wrote:
> > 
> >>I have been getting a huge number of attempts to log into my box via ssh
> >>which fail with invalid username entries in the logs. Is there already a
> >>package which will let me look through the logs and dynamically add
> >>iptables rules to drop anything from these scanning addresses after
> >>something like 3 attempts? I know I can set up hosts.allow and
> >>hosts.deny to only allow ssh in from particular IPs, but I'd rather not
> >>do that. Any suggestions would be appreciated.
> >>
> > 
> > 
> > 
> > I set up sshd_config to use a different port. That stopped them (for
> > now...)
> > 
> Maybe try port knocking.  A Google search should find it.

I am actually getting ready to package doorman, which does something
similar.  I will probably have it packaged and uploaded in a week or so.

Roberto C. Sanchez
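
The log-driven blocking asked about at the top of the thread, as an added example that is not part of the original messages and not the code of doorman or any other package: it counts sshd "Invalid user" lines per source address and builds, without running, an iptables DROP rule once an address reaches 3 attempts. The traditional syslog line layout, port 22, the allowlist and all names (`offenders`, `block_rules`, `SAMPLE_LOG`) are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 3                 # attempts before blocking, as in the question
ALLOWLIST = {"198.51.100.7"}  # constructed: addresses that must never be blocked

# sshd appends the peer address itself, so the greedy .* binds to the LAST
# " from "; a user name containing " from 10.0.0.1" cannot pick the address.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "
    r"(?:Invalid|Illegal) user .* from (\S+?)(?: port \d+)?$")

SAMPLE_LOG = [  # constructed log lines, documentation address ranges
    "Jun 16 09:01:10 box sshd[2101]: Invalid user admin from 203.0.113.5",
    "Jun 16 09:01:12 box sshd[2103]: Illegal user test from 203.0.113.5",
    "Jun 16 09:01:14 box sshd[2105]: Invalid user x from 10.0.0.1 from 203.0.113.5",
    "Jun 16 09:02:00 box sshd[2110]: Invalid user guest from 192.0.2.44 port 40122",
    "Jun 16 09:03:00 box sshd[2120]: Accepted publickey for tom from 192.0.2.9 port 5022 ssh2",
] + ["Jun 16 09:04:00 box sshd[2130]: Invalid user a from 198.51.100.7"] * 3

def offenders(lines, threshold=THRESHOLD, allow=ALLOWLIST):
    """Return addresses with at least `threshold` invalid-user attempts."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything not an IP
        except ValueError:
            continue
        if str(ip) not in allow:
            counts[ip] += 1
    hits = [ip for ip, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda ip: (ip.version, int(ip)))

def block_rules(ips, port=22):
    """Build (not run) one DROP rule per address, as argv lists."""
    rules = []
    for ip in ips:
        tool = "iptables" if ip.version == 4 else "ip6tables"
        rules.append([tool, "-I", "INPUT", "-s", str(ip), "-p", "tcp",
                      "--dport", str(port), "-j", "DROP"])
    return rules

if __name__ == "__main__":
    for rule in block_rules(offenders(SAMPLE_LOG)):
        print(" ".join(rule))
```

The allowlist is what keeps a mistyped user name from a trusted address from locking its owner out; the rules are returned as argv lists so they can be reviewed before anything is applied.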

