How about this:

1. You will keep one random high port to accept new connections, say 32456. Your box won't listen on that port though.
2. If there is a request on that port, using the recent match, you will accept a new connection on a different high port for 1 minute, say port 34521.
3. You will send a new connection request on 34521; again using the recent match you will open port 22 to accept new connections for 1-3 minutes.
4. You will log into your box!!

Mohammad

Original Message:
-----------------
From: Taylor, Grant gtaylor@xxxxxxxxxxxxxxxxx
Date: Thu, 19 May 2005 09:39:25 -0500
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: SSH Brute force attacks

> I understand what you are saying, but what I was hoping for was a
> solution whereby the src ip is not part of my whitelist.
>
> For example, I have a dialup account (dynamic ip) at home. If I need to
> SSH into my linux box from home, I can't because the ip I have been
> allocated will not be in the whitelist.

Can I ask why you would not be able to get in from your dynamic IP at home? The rule set will allow (however many NEW attempts you designate) to connect for a specified number of times in a specified amount of time. You don't have to have your dynamic IP in the list as any IP will still be able to initiate NEW connections a few times before the rule starts TARPITing / DROPing the connection.

There is also the fact that you could configure your SSH server to listen on a (2nd) port at a higher port number that you would know about that most people would not. This port would not be processed by this script and thus you would be able to connect from anywhere.

Grant. . . .
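The two-stage knock Mohammad describes, written out as an iptables rule set built on the recent match. This is an added example, not a script from the thread or from the netfilter project; the port numbers are the ones he suggested, the 60-second and 180-second windows follow his steps, and the list names KNOCK1/KNOCK2 are assumptions. By default the script only prints the rules (IPT defaults to "echo iptables"); run it as root with IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example: port-knock gating of SSH with the iptables "recent" match.
# Not from the original thread. Port numbers follow Mohammad's message; the
# list names KNOCK1 and KNOCK2 are assumed names.
# IPT defaults to a dry run that prints the rules; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

KNOCK1_PORT=32456   # first knock port (nothing listens here)
KNOCK2_PORT=34521   # second knock port (nothing listens here either)
SSH_PORT=22
WINDOW1=60          # seconds allowed between knock 1 and knock 2 (1 minute)
WINDOW2=180         # seconds allowed between knock 2 and the real SSH connect (3 minutes)

knock_rules() {
    # Sessions already accepted keep flowing after the window expires.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Step 1: a SYN to the first port records the source address in list
    # KNOCK1 and is dropped; the client sees nothing.
    $IPT -A INPUT -p tcp --syn --dport "$KNOCK1_PORT" \
        -m recent --name KNOCK1 --set -j DROP
    # Step 2: a SYN to the second port from a source seen in KNOCK1 within
    # WINDOW1 seconds moves that source into list KNOCK2, and is dropped.
    $IPT -A INPUT -p tcp --syn --dport "$KNOCK2_PORT" \
        -m recent --name KNOCK1 --rcheck --seconds "$WINDOW1" \
        -m recent --name KNOCK2 --set -j DROP
    # Step 3: a SYN to port 22 from a source seen in KNOCK2 within WINDOW2
    # seconds is accepted; sshd itself still authenticates the user.
    $IPT -A INPUT -p tcp --syn --dport "$SSH_PORT" \
        -m recent --name KNOCK2 --rcheck --seconds "$WINDOW2" -j ACCEPT
    # Every other attempt at port 22 is dropped, so a brute-forcer that has
    # not knocked never reaches the SSH banner.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -j DROP
}

knock_rules
```

Rule order matters: the ESTABLISHED rule must come first so an accepted session survives the 180-second window closing, and the final DROP must come last so a source that has knocked is accepted before it. Because only SYN packets are counted, retransmissions of one connection attempt do not extend the windows. The scheme hides sshd from casual scanning rather than replacing authentication: a sequential port scan from one address that hits 32456 and then 34521 within a minute will open the window for that address, so keys or strong passwords on port 22 are still what actually protects the box.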