Re: What to do with attackers?
I use iptables with the recent module.
Chain INPUT
target prot opt source destination
ACCEPT tcp -- localnet/24 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED,UNTRACKED tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:ssh state INVALID,NEW recent: UPDATE seconds: 60 name: DEFAULT side: source
ACCEPT all -- anywhere anywhere state INVALID,NEW recent: SET name: DEFAULT side: source
You can't make more than one connection/min unless you are on the local
network. Works great.
--
John L. Fjellstad
web: http://www.fjellstad.org/ Quis custodiet ipsos custodes
Reply to: