There's a tool called portsentry that works pretty well on some of these things. You can set up its sensitivity to certain events & it will drop (l)users into hosts.deny and also much your ipchains to drop anything from that source into your bit bucket, so it appears that you just fell off the earth. Of course, the routes get reset on power cycles & so forth (or in my case, I rerun my firewall script every midnight to flush out all the rules & reload)
-Tom
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Chris W. Parker
Sent: Tuesday, April 05, 2005 6:43 PM
To: General Red Hat Linux discussion list
Subject: RE: SSH2
David Tonhofer, m-plify S.A. < mailto:d.tonhofer@xxxxxxxxxxx>
on Tuesday, April 05, 2005 1:37 PM said:
> I don't think so, I have a few thousand attempts with various vanilla
> users each day on each machine. Tiresome. I think SSH should tarpit
> the connections, I have already an itch to fix the source....
So this happens to everyone huh? That's good to know.
So then as long as software is up to date and strong passwords are used,
I guess there's not much to worry about then?
I wonder why though the firewall (iptables) doesn't automatically block
ip addresses after say 20 failed attempts? Is this possible?
Chris.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list
