Re: Reporting brute force ssh login attempts

To: debian-user@lists.debian.org
Subject: Re: Reporting brute force ssh login attempts
From: John L Fjellstad <john-debian@fjellstad.org>
Date: Sat, 18 Nov 2006 14:42:51 -0800
Message-id: <[🔎] 87bqn4xtp0.fsf@fjellstad.org>
References: <[🔎] 455B6196.9090701@kraya.co.uk> <[🔎] 20061117011402.GJ2621@pluto>

Douglas Tutty <dtutty@porchlight.ca> writes:

> Is there a way to configure the firewall to only allow or deny connection
> attempts from certain ip addresses?

I set my firewall to only allow one connection pr minute pr ip address.
So, if you fail the connection, the firewall will drop all connection
from that ip address until there has been at least one minute since last
attempt.  Works great.

Take a look at the recent module in iptables (iptables -m recent --help)

-- 
John L. Fjellstad
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes

Reply to:

References:
- Reporting brute force ssh login attempts
  - From: Shri Shrikumar <shri@kraya.co.uk>
- Re: Reporting brute force ssh login attempts
  - From: Douglas Tutty <dtutty@porchlight.ca>

Prev by Date: module load order
Next by Date: Re: Help with configuration of Apache 2.2 and VirtualHost
Previous by thread: Re: Reporting brute force ssh login attempts
Next by thread: (OT) EFF call for help against restrictive patents
Index(es):
- Date
- Thread