On 26 April 2010 15:09, Peter Zieseniss <peter@xxxxxxxxxxxxxxx> wrote:
> Hello All,
>
> This is my first time posting; I am rather new to iptables, so please excuse the ignorance in my question.
>
> My personal CentOS-based webhost is under constant ssh attack from an interminable list of different IP addresses (just to give you an idea, my lastb data file grows by ~100MB every week!!).
> I've noticed that they all seem to come from East-Asia (mainly China, Taiwan, Malaysia, Korea--both).

A better option would be to drop ssh connections if the number of attempts from a single IP address exceeds an acceptable limit (say 1/min - can't see many legit uses for ssh where you connect and disconnect multiple times within a 1 minute window).

This can be done using either hashlimit or the recent matches...

Would put an example in but need to go give my presentation at work soon so will send one if you need it.

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.pbase.com/arimus - My online photogallery
http://www.topcashback.co.uk/ref/rhorton
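
The per-source limit described in the reply above (one new ssh connection per minute), written out with both the recent and the hashlimit match; this is an added example, not part of the original thread. The chain name `SSH_LIMIT`, the list name `ssh`, the default port 22 and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Added example: allow one NEW ssh connection per source IP per minute.
# Dry run by default (prints the commands); APPLY=1 as root executes them.
# Assumed names: chain SSH_LIMIT, list/table name "ssh".

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# ssh_limit_rules METHOD [PORT]   METHOD is "recent" or "hashlimit"
ssh_limit_rules() {
    method=$1 port=${2:-22}
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    case $method in
        recent|hashlimit) ;;
        *) echo "usage: ssh_limit_rules recent|hashlimit [port]" >&2; return 2 ;;
    esac

    # Fails here if the chain already exists, so rules are not added twice.
    run iptables -N SSH_LIMIT || return 1
    # Only NEW connections are counted; this must sit above any rule that
    # accepts the port, and established traffic is accepted elsewhere.
    run iptables -A INPUT -p tcp --dport "$port" \
        -m conntrack --ctstate NEW -j SSH_LIMIT || return 1

    if [ "$method" = recent ]; then
        # Source seen in the last 60 s: drop, and --update refreshes its
        # timestamp, so a client that keeps retrying stays blocked.
        run iptables -A SSH_LIMIT -m recent --name ssh \
            --update --seconds 60 --hitcount 1 -j DROP || return 1
        # Otherwise record the source address and let this one through.
        run iptables -A SSH_LIMIT -m recent --name ssh --set -j ACCEPT
    else
        # One token bucket per source IP: a burst of 1, refilled at 1/minute
        # (older iptables releases spell --hashlimit-upto as --hashlimit).
        run iptables -A SSH_LIMIT -m hashlimit --hashlimit-name ssh \
            --hashlimit-mode srcip --hashlimit-upto 1/minute \
            --hashlimit-burst 1 -j ACCEPT || return 1
        run iptables -A SSH_LIMIT -j DROP
    fi
}
```

Source the file and call `ssh_limit_rules recent` or `ssh_limit_rules hashlimit 22` to print the rules for review before applying them.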