There is some work on preventing this SSH attack by using port knocking
techniques with iptables. With it, you will need to probe another port of
the admin's choice before making the SSH connection. This doesn't prevent
every attack, but it will block all the script kiddies.

Look at: http://www.soloport.com/iptables.html and http://www.portknocking.org/

On Apr 6, 2005 1:09 AM, Mike Klinke <mklinke@xxxxxxxx> wrote:
> On Tuesday 05 April 2005 17:43, Chris W. Parker wrote:
> > I wonder why though the firewall (iptables) doesn't automatically
> > block ip addresses after say 20 failed attempts? Is this
> > possible?
>
> You can run sshd via xinetd for access to various filtering. For
> example you can specify:
>
> per_source ---
>
> Takes an integer or "UNLIMITED" as an argument. This specifies the
> maximum instances of this service per source IP address.
>
> cps ---
>
> Limits the rate of incoming connections. Takes two arguments.
> The first argument is the number of connections per second to
> handle. If the rate of incoming connections is higher than this,
> the service will be temporarily disabled. The second argument is
> the number of seconds to wait before re-enabling the service after
> it has been disabled.
>
> only_from ---
>
> Limit connection to certain addresses.
>
> and others ----
>
> see "man xinetd.conf"
>
> Example /etc/xinetd.d/ssh file:
>
> service ssh
> {
>         disable         = no
>         socket_type     = stream
>         type            = UNLISTED
>         port            = 22
>         protocol        = tcp
>         wait            = no
>         user            = root
>         server          = /usr/sbin/sshd
>         server_args     = -i -u0
>         only_from       = <ip address/range>
> }
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

--
Cleber P. de Souza
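The thread names two defences without showing the rules for either: port knocking in front of sshd (Cleber's reply) and a per-source connection limit (the xinetd per_source/cps settings in Mike's reply). The script below is an added example, written for this page and not taken from the thread, the soloport page, or any project; it generates an iptables port-knocking rule set built on the "recent" match and, going one step beyond the thread, adds a per-source new-connection throttle on the SSH port in the spirit of xinetd's cps. The knock ports (7000, 8000, 9000), the window lengths, and the chain names AUTH1..AUTH3, GATE1..GATE3, KNOCKING and PASSED are assumed values chosen for the example; the function only emits the commands as text so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the thread): iptables port knocking with the
# "recent" match, plus a per-source connection-rate throttle on the SSH port.
# All port numbers, windows and list/chain names below are assumed values.
KNOCK1="${KNOCK1:-7000}"     # first knock port (assumed)
KNOCK2="${KNOCK2:-8000}"     # second knock port (assumed)
KNOCK3="${KNOCK3:-9000}"     # third knock port (assumed)
SSH_PORT="${SSH_PORT:-22}"
KNOCK_WINDOW=10              # seconds allowed between consecutive knocks
OPEN_WINDOW=30               # seconds the SSH port stays open after the last knock

# Emit the rule set as iptables commands. Review with "knock_rules";
# apply on a host with an otherwise empty INPUT chain with "knock_rules | sudo sh".
# Caveat: GATE1 drops every TCP packet that is not a knock, so any other
# service must be accepted in INPUT before the jump to KNOCKING.
knock_rules() {
    cat <<EOF
iptables -N KNOCKING
iptables -N GATE1
iptables -N GATE2
iptables -N GATE3
iptables -N PASSED
# GATE1: a hit on KNOCK1 tags the source address as AUTH1; everything else is dropped
iptables -A GATE1 -p tcp --dport $KNOCK1 -m recent --name AUTH1 --set -j DROP
iptables -A GATE1 -j DROP
# GATE2: consume the AUTH1 tag; a hit on KNOCK2 advances to AUTH2, anything else restarts at GATE1
iptables -A GATE2 -m recent --name AUTH1 --remove
iptables -A GATE2 -p tcp --dport $KNOCK2 -m recent --name AUTH2 --set -j DROP
iptables -A GATE2 -j GATE1
# GATE3: same pattern for the third knock; a wrong port here also restarts the sequence
iptables -A GATE3 -m recent --name AUTH2 --remove
iptables -A GATE3 -p tcp --dport $KNOCK3 -m recent --name AUTH3 --set -j DROP
iptables -A GATE3 -j GATE1
# PASSED: the full sequence was seen within OPEN_WINDOW; allow SSH, but drop a source
# that opens more than 4 new SSH connections in 60 seconds (connection rate, not failed logins)
iptables -A PASSED -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name SSHRATE --set
iptables -A PASSED -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name SSHRATE --update --seconds 60 --hitcount 4 -j DROP
iptables -A PASSED -p tcp --dport $SSH_PORT -j ACCEPT
iptables -A PASSED -j GATE1
# KNOCKING: dispatch on how far this source has got, checking the latest stage first;
# --rcheck --seconds only matches if the tag was set within that many seconds
iptables -A KNOCKING -m recent --rcheck --seconds $OPEN_WINDOW --name AUTH3 -j PASSED
iptables -A KNOCKING -m recent --rcheck --seconds $KNOCK_WINDOW --name AUTH2 -j GATE3
iptables -A KNOCKING -m recent --rcheck --seconds $KNOCK_WINDOW --name AUTH1 -j GATE2
iptables -A KNOCKING -j GATE1
# INPUT: keep established flows and loopback, then run every other TCP packet through the state machine
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -j KNOCKING
EOF
}

# Number of actual iptables commands emitted (comment lines excluded); a cheap sanity check.
knock_rule_count() {
    knock_rules | grep -c '^iptables'
}
```

The knock packets themselves are dropped after tagging the source, so a scanner sees the same silence on the knock ports as on every other closed port; a knock arriving out of order or later than KNOCK_WINDOW seconds after the previous one falls back to GATE1 and the source has to start over. The SSHRATE pair limits how many new SSH connections a single address may open once it has knocked, which is the closest iptables equivalent to xinetd's cps; it does not count failed logins, which happen inside sshd after the packet has been accepted.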