Re: Iptables questions




on 8-10-2010 3:08 PM Keith Roberts spake the following:
> On Tue, 10 Aug 2010, John R Pierce wrote:
> 
>> To: CentOS mailing list <centos@xxxxxxxxxx>
>> From: John R Pierce <pierce@xxxxxxxxxxxx>
>> Subject: Re:  Iptables questions
>>
>>  On 08/10/10 1:30 PM, Bob Hoffman wrote:
>>> 1) I have switched my SSH to a different port. I would like to still check
>>> for anyone trying to hit the old port 22 and log them. At the same time add
>>> them to a reject/ban for a certain period of time, lets say 1 day.
>>
>> If nothing is listening on that port, then whats to 'ban' ?
> 
> I think what Bob wants to do is to move his sshd to another 
> non-standard port, and leave port 22 open. Then see what's 
> trying to access that. I guess you could run another 
> 'dummy-sshd' type program to listen on port 22, in place of 
> the real sshd, and then log all incoming packets on that 
> port?
> 
> IIRC sshd logs all connection attempts anyway?
> 
> IPtables can log packets coming in to any particular port. I 
> don't think the port needs to be open for IPtables to log a 
> packet headed for that particular port?
> 
> I log ALL packets coming into my firewall, and then purge the 
> logs with a cron job every 24 hours.
> 
> Kind Regards,
> 
> Keith Roberts
A tarpit would be good on there... Answer the port and just trickle back the
handshake to keep the client waiting for a long time


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
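As an added example (not code from the thread), the "log them" half of Bob's question in Python: parse the lines the iptables LOG target writes to syslog for hits on port 22, count them per source, and work out which sources would still be inside a one-day ban window, the way an iptables `recent` list checked with `--seconds 86400` would. The `SSH22-PROBE:` log prefix, the host name, the year and the addresses are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog lines in the layout the iptables LOG target writes;
# "SSH22-PROBE:" is an assumed --log-prefix, not anything from the thread.
SAMPLE_LOG = """\
Aug 10 15:08:01 fw kernel: SSH22-PROBE: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=22 SYN
Aug 10 15:08:03 fw kernel: SSH22-PROBE: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=51235 DPT=22 SYN
Aug 10 16:40:12 fw kernel: SSH22-PROBE: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=22 SYN
Aug 10 16:41:00 fw kernel: HTTP-IN: IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.5 PROTO=TCP SPT=40002 DPT=80 SYN
Aug 11 15:30:00 fw kernel: SSH22-PROBE: IN=eth0 OUT= SRC=203.0.113.200 DST=203.0.113.5 PROTO=TCP SPT=2222 DPT=22 SYN
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<prefix>\S+) (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_ts(stamp, year=2010):
    """Syslog timestamps carry no year, so the caller supplies one (2010 assumed here)."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def parse_log(text, prefix="SSH22-PROBE:", year=2010):
    """Return (timestamp, src) for every line carrying the given LOG prefix."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("prefix") != prefix:
            continue  # other LOG rules (or non-iptables kernel lines) are ignored
        fields = dict(FIELD_RE.findall(m.group("rest")))  # IN=, SRC=, DPT=, ...
        events.append((parse_ts(m.group("ts"), year), fields["SRC"]))
    return events

def probe_counts(events):
    """Hits per source address: what the LOG rule alone gives you."""
    counts = {}
    for _, src in events:
        counts[src] = counts.get(src, 0) + 1
    return counts

def active_bans(events, now, ban_seconds=86400):
    """Sources whose latest hit is within the window, as a 'recent' list with --seconds would hold."""
    latest = {}
    for ts, src in events:
        latest[src] = max(ts, latest.get(src, ts))
    window = timedelta(seconds=ban_seconds)
    return {s for s, t in latest.items() if timedelta(0) <= now - t <= window}

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print(probe_counts(ev))
    print(sorted(active_bans(ev, parse_ts("Aug 11 16:00:00"))))
```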

