Is there a way to parse the attacker's IP and block it permanently via:
iptables -A INPUT -s $IP -j DROP
and
cat > /etc/hosts.deny ?

Something close to what portsentry does, but using that SSH iptables Brute force script.

This thread went big and confusion reigned on the latest version of the Brute Force script, kindly post the latest/best iptable rules :)

thanks

On Mon, 2005-05-23 at 18:31 +0200, Brent Clark wrote:
> Taylor, Grant wrote:
> >> So... I can't see why I can't connect from a dynamically assigned ip.
> >
> > Brent, I'll have to take a closer look at your script later on (complete
> > flow analysis vs just the SSH_Brute_Force chain). But for now it looks
> > like you have both versions (original and updated one) in your firewall,
> > this could be causing a few problems as I don't think it would take more
> > than one attempt in a 60 second period to get yourself to the point
> > that you would be TARPITed / DROPed. However I think that you would be
> > able to connect at least 1 time from any dynamic remote IP in the 60
> > second period. Also keep in mind that the recent module (in the updated
> > version) is using an --update option which will keep track of the number
> > of times that you have tried to connect for 60 seconds after the last
> > connection attempt.
> >
>
> Hi Grant
>
> If you look carefully on the left, you will see I have hashed out the
> original rules.
>
> Thanks
>
> Kind Regards
> Brent Clark
>

--
Sadus . <sadus@xxxxxxxxxxxx>
Swiftbin.net