on 8-10-2010 3:08 PM Keith Roberts spake the following:
> On Tue, 10 Aug 2010, John R Pierce wrote:
>
>> To: CentOS mailing list <centos@xxxxxxxxxx>
>> From: John R Pierce <pierce@xxxxxxxxxxxx>
>> Subject: Re: Iptables questions
>>
>> On 08/10/10 1:30 PM, Bob Hoffman wrote:
>>> 1) I have switched my SSH to a different port. I would like to still check
>>> for anyone trying to hit the old port 22 and log them. At the same time add
>>> them to a reject/ban for a certain period of time, lets say 1 day.
>>
>> If nothing is listening on that port, then whats to 'ban' ?
>
> I think what Bob wants to do is to move his sshd to another
> non-standard port, and leave port 22 open. Then see what's
> trying to access that. I guess you could run another
> 'dummy-sshd' type program to listen on port 22, in place of
> the real sshd, and then log all incoming packets on that
> port?
>
> IIRC sshd logs all connection attempts anyway?
>
> IPtables can log packets coming in to any particular port. I
> don't think the port needs to be open for IPtables to log a
> packet headed for that particular port?
>
> I log ALL packets coming into my firewall, and then purge the
> logs with a cron job every 24 hours.
>
> Kind Regards,
>
> Keith Roberts
A tarpit would be good on there... Answer the port and just trickle back the
handshake to keep the client waiting for a long time
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
