Re: iptables to block region-specific ip's?




Hello Everyone,
Thanks for all your suggestions. I have gone with iptables and blocked
off the necessary region IP blocks in my firewall. If anyone is
interested I'll send the list.
Thanks again.
Dave.


On 5/11/11, Ljubomir Ljubojevic <office@xxxxxxxx> wrote:
> Robert Spangler wrote:
>> On Wednesday 11 May 2011 12:58, the following was written:
>>>  the attempts are from a certain registrar's region, I won't name it,
>>
>> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP
>
> I do not consider a /24 subnet a "region subnet". You would need to use
> something like sophisticated reverse DNS to resolve the IP of the connection
> and that would take time, not to mention problems with false positives
> and .com, etc. The only way would be if you knew the physical locations of
> the respective subnets.
>
> I use denyhosts that regularly pools new offenders' IPs from protected
> systems all around the world. On my 3 servers, in the last 5 months, I had
> only 114 e-mail reports of an ssh attempt. denyhosts uses hosts.deny,
> and currently I have ~7000 IPs blocked from there that are
> automatically blocked.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
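As an added example (not part of the original thread, and not the list Dave mentions): a dry-run script that turns a file of CIDR blocks into the `iptables -I INPUT -i eth0 -s ... -j DROP` commands quoted above, rejecting malformed entries such as the `x.x.x.x/24` placeholder before anything reaches the firewall. The sample ranges are RFC 5737 documentation blocks, and the function names and the /8 lower bound on prefix length are assumptions of this example.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review, does not execute them.

# valid_cidr CIDR -> exit 0 if CIDR is a well-formed IPv4 network/prefix.
valid_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          # Assumed safety bound: refuse prefixes shorter than /8, where a
          # typo would drop a large share of all IPv4 addresses.
          if ($5 < 8 || $5 > 32) exit 1 }'
}

# gen_rules [IFACE] -> reads one CIDR per line on stdin, prints one DROP
# command per valid block. Rejected lines go to stderr and make the
# function return 1 so a caller can refuse to load a partly bad list.
gen_rules() {
    iface=${1:-eth0}
    rc=0
    while read -r cidr rest || [ -n "$cidr" ]; do
        case $cidr in ''|'#'*) continue ;; esac   # blank lines, comments
        if valid_cidr "$cidr"; then
            echo "iptables -I INPUT -i $iface -s $cidr -j DROP"
        else
            echo "skipped: $cidr" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample list (documentation ranges, not a real region).
sample_list() {
    cat <<'EOF'
# region blocks, one CIDR per line
192.0.2.0/24
198.51.100.0/24   # text after the block is ignored
203.0.113.0/24
x.x.x.x/24
10.0.0.0/4
EOF
}

sample_list | gen_rules eth0 || echo "review skipped lines before loading" >&2
```

With thousands of blocks, one rule per block makes every packet walk a long chain; `ipset` with a single matching rule is the usual alternative, though it is not what the thread used.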

