Re: Banning SSH attackers

From: Nate Smith (nate_at_thebackrow.net)
Date: 10/21/05

  • Next message: Ben Ford: "Re: Banning SSH attackers"
    Date: Fri, 21 Oct 2005 12:12:09 -0700
    To: Paul Berube <stazz@shaw.ca>
    
    
    

    On Thu, Oct 20, 2005 at 11:42:24AM -0600, Paul Berube wrote:
    > What I'd like is a system configuration where I just drop all packets
    > from hosts that cause one of these messages for the next, say, 5 min.
    > This way, a login failure from a legitimate user is not a catastrophic
    > event for them, but greatly limits the ability of attackers to hammer on

    I didn't find anything to do this either, so I wrote it a while back.
    Meant to post it on freshmeat but didn't get time to.

    The firewall rules are written for linux/iptables, so you can easily
    adjust them for other systems, feel free to send me patches.

    -nate

    
    



  • Next message: Ben Ford: "Re: Banning SSH attackers"