Re: Banning SSH attackers
From: Nate Smith (nate_at_thebackrow.net)
Date: Fri, 21 Oct 2005 12:12:09 -0700 To: Paul Berube <firstname.lastname@example.org>
On Thu, Oct 20, 2005 at 11:42:24AM -0600, Paul Berube wrote:
> What I'd like is a system configuration where I just drop all packets
> from hosts that cause one of these messages for the next, say, 5 min.
> This way, a login failure from a legitimate user is not a catastrophic
> event for them, but greatly limits the ability of attackers to hammer on
I didn't find anything to do this either, so I wrote it a while back.
Meant to post it on freshmeat but didn't get time to.
The firewall rules are written for linux/iptables, so you can easily
adjust them for other systems, feel free to send me patches.
- text/x-perl attachment: tailauth_dist.pl