Auto-blocking and emailing hosts that attack via ssh or ftp
16 views
Skip to first unread message
nepbabu.cx
Jun 3, 2007, 12:31:13 PM6/3/07
to foss-...@googlegroups.com, develope...@googlegroups.com, neps...@googlegroups.com
This script can help some sys admin in this list (mails the root, then
add the host to /etc/hosts.deny)-
http://www.deadbeef.com/index.php/auto_blocking_and_emailing_hosts_that_at
add the host to /etc/hosts.deny)-
http://www.deadbeef.com/index.php/auto_blocking_and_emailing_hosts_that_at
Cheers.
nepbabu.cx
Jun 5, 2007, 6:19:02 PM6/5/07
to NepS...@googlegroups.com, foss-...@googlegroups.com, develope...@googlegroups.com
Surmandal wrote:
> Thats the good one. But I think it will add that IP to host deny that mean
> it will block the IP using TCP wrappers. TCP wrapper works on Application
> layer . It is better to block from Firewall. Firewall works on layer 3 and
> 4. I am using this script
>
> iptables -N SSH_CHECK
> iptables -A INPUT -p tcp --dport 2001 -m state --state NEW -j SSH_CHECK
> iptables -A SSH_CHECK -m recent --set --name SSH
> iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name
> SSH -j DROP
>
> This script To Prevent the SSH based Dictionary Attack
> Thats the good one. But I think it will add that IP to host deny that mean
> it will block the IP using TCP wrappers. TCP wrapper works on Application
> layer . It is better to block from Firewall. Firewall works on layer 3 and
> 4. I am using this script
>
> iptables -N SSH_CHECK
> iptables -A INPUT -p tcp --dport 2001 -m state --state NEW -j SSH_CHECK
> iptables -A SSH_CHECK -m recent --set --name SSH
> iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name
> SSH -j DROP
>
> This script To Prevent the SSH based Dictionary Attack
Hmm... nice.. :)
Finally some yummy code. Is there a particular advantage to using
iptables to say using overlayer like shorewall that sets up iptables ?
Thanks.
Reply all
Reply to author
Forward
0 new messages