On Tue, 10 Aug 2010, John R Pierce wrote:

> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: John R Pierce <pierce@xxxxxxxxxxxx>
> Subject: Re: Iptables questions
>
> On 08/10/10 1:30 PM, Bob Hoffman wrote:
>> 1) I have switched my SSH to a different port. I would like to still check
>> for anyone trying to hit the old port 22 and log them. At the same time add
>> them to a reject/ban for a certain period of time, let's say 1 day.
>
> If nothing is listening on that port, then what's to 'ban'?

I think what Bob wants to do is to move his sshd to another non-standard port, and leave port 22 open. Then see what's trying to access that.

I guess you could run another 'dummy-sshd' type program to listen on port 22, in place of the real sshd, and then log all incoming packets on that port? IIRC sshd logs all connection attempts anyway?

IPtables can log packets coming in to any particular port. I don't think the port needs to be open for IPtables to log a packet headed for that particular port?

I log ALL packets coming into my firewall, and then purge the logs with a cron job every 24 hours.

Kind Regards,

Keith Roberts

-----------------------------------------------------------------
Websites:
http://www.php-debuggers.net
http://www.karsites.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------

> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
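The log-and-ban setup Bob describes (log probes against the old port 22, then reject that source for a day) can be done entirely in iptables, without anything listening on the port. The script below is an added example, not from anyone in this thread; it assumes iptables with the LOG target and the xt_recent module, and it defaults to printing the rules (IPT=echo) so you can review them before setting IPT=iptables to apply them. The list name ssh_probe and the log prefix are my own choices.

```shell
#!/bin/sh
# Added example: log and temporarily ban hosts probing the old SSH port 22.
# Assumes iptables with LOG and xt_recent. Defaults to preview mode (echo);
# run with IPT=iptables to actually install the rules.
IPT="${IPT:-echo}"
OLD_PORT=22
BAN_SECONDS=86400      # one day, as asked for in the thread
LIST=ssh_probe         # name of the xt_recent list (my choice)

ssh_probe_rules() {
    # 1. A source already on the list, seen within the last BAN_SECONDS,
    #    is dropped silently. --rcheck does not refresh the timestamp, so the
    #    ban expires one day after the first probe, not after the last one.
    "$IPT" -A INPUT -p tcp --dport "$OLD_PORT" \
        -m recent --name "$LIST" --rcheck --seconds "$BAN_SECONDS" -j DROP

    # 2. First SYN from a new source: record it in the list (--set always
    #    matches) and log it. The limit match keeps a scan from flooding
    #    syslog; LOG is non-terminating, so evaluation continues below.
    "$IPT" -A INPUT -p tcp --dport "$OLD_PORT" --syn \
        -m recent --name "$LIST" --set \
        -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "OLD_SSH_PROBE: " --log-level 4

    # 3. Reject the probe itself. Any later packet from the same host is
    #    caught by rule 1 for the rest of the ban window.
    "$IPT" -A INPUT -p tcp --dport "$OLD_PORT" -j REJECT --reject-with tcp-reset
}

ssh_probe_rules
```

Note that xt_recent keeps a bounded table (the ip_list_tot module parameter, 100 entries by default), so on a busy host raise it or the oldest offenders get evicted before their day is up; the entries can be inspected in /proc/net/xt_recent/ssh_probe.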