[mdlug] Restricted Remote Access Script
Robert J. Clay
rjclay at gmail.com
Sat Jan 13 09:00:18 EST 2007
On 1/13/07, David Relson <relson at osagesoftware.com> wrote:
> On Sat, 13 Jan 2007 01:17:33 -0800 Michael S. Mikowski wrote:
> > My remote machine is getting hit with 1500+ dictionary
> > login attempts per day, and I think it's time to consider
> > locking down ssh.
I'm using the rate limiting capabilities in the firewall to help
with that: if the "rate is more than 1/minute and burst rate is more
than 3 and state of connection is NEW", then it gets dropped...
(quoted from how the rule is displayed in the webmin interface...)
> Joe L has a script that scans the system log for ssh failures.
The one I'm using for that function is one that adds directly to
an SSHBLACKLIST chain in iptables... (sshblacklist v2.7,
http://www.pettingers.org/code/sshblack.html)
--
Robert J. Clay
rjclay at gmail.com
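
The rate-limit rule quoted in the message above, modelled as a token bucket over a constructed connection log. This is an added example, not code from the post, from webmin or from sshblacklist; it assumes the rule is backed by iptables' `limit` match, which keeps one bucket per rule rather than one per source address, and the addresses and timings are constructed.

```python
# Model of the quoted rule: NEW connections, 1/minute, burst 3, one shared bucket.
# Assumption: the rule is iptables' "limit" match, which keeps one bucket per
# rule rather than one per source address.

INTERVAL = 60   # seconds needed to earn one connection ("1/minute")
BURST = 3       # connections allowed back to back ("burst ... 3")


def apply_limit(events, interval=INTERVAL, burst=BURST):
    """events: time-sorted (second, source_ip) pairs, one per NEW connection.
    Returns a parallel list of "ACCEPT"/"DROP" verdicts."""
    cap = burst * interval          # integer credits: 1 credit = 1 second
    credit = cap                    # bucket starts full
    last = None
    verdicts = []
    for ts, _src in events:
        if last is not None:
            credit = min(cap, credit + (ts - last))   # refill, capped at burst
        last = ts
        if credit >= interval:
            credit -= interval
            verdicts.append("ACCEPT")
        else:
            verdicts.append("DROP")   # over the rate: the rule drops it
    return verdicts


def per_source(events, verdicts):
    """Count verdicts per source address."""
    totals = {}
    for (_ts, src), verdict in zip(events, verdicts):
        totals.setdefault(src, {"ACCEPT": 0, "DROP": 0})[verdict] += 1
    return totals


# Constructed sample: a scanner tries every 2 s; an admin logs in at 20 s and 90 s.
SCANNER, ADMIN = "203.0.113.5", "198.51.100.7"
EVENTS = [(t, SCANNER) for t in range(0, 20, 2)] + [(20, ADMIN), (90, ADMIN)]

if __name__ == "__main__":
    result = apply_limit(EVENTS)
    for (ts, src), verdict in zip(EVENTS, result):
        print(f"t={ts:>3}s {src:<13} {verdict}")
    print(per_source(EVENTS, result))
```

In this run the admin's connection at 20 s is dropped along with the scanner's, because a single shared bucket cannot tell sources apart; the one at 90 s gets through once the bucket has refilled.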