From: "Hemmann, Volker Armin"
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Sun, 2 Oct 2005 23:37:49 +0200

On Sunday 02 October 2005 23:10, Jeremy Brake wrote:
> Hey all,
>
> I'm looking for an app/script which can monitor for failed ssh logins,
> and block using IPTables for $time after $number of failed logins (an
> exclusion list would be handy as well) so that I can put a quick stop to
> these niggly brute-force ssh "attacks" I seem to be getting more and
> more often.
>
> Anyone have any ideas?
>
> Thanks, Jeremy B

And what do you do if they spoof your gateway/router/nameservers IP?

If you use key-based authentication, you shouldn't have to fear brute-force attempts... and as the others wrote, changing the port may also help a bit.

--
gentoo-security@gentoo.org mailing list
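
The monitor asked for in the quoted question, with the exclusion list that addresses the concern raised in the reply about blocking your own gateway or nameservers, sketched as an added example that is not part of the original thread. It assumes OpenSSH's "Failed password ... from IP port N" syslog format; the log lines are constructed, the name `find_bans` and the thresholds are hypothetical, and it only reports ban decisions, leaving the firewall rule to the caller.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd syslog lines (documentation address ranges).
SAMPLE_LOG = """\
Oct  2 23:01:10 host sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
Oct  2 23:01:12 host sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Oct  2 23:01:15 host sshd[413]: Failed password for root from 192.0.2.1 port 5000 ssh2
Oct  2 23:01:16 host sshd[414]: Failed password for root from 192.0.2.1 port 5001 ssh2
Oct  2 23:01:17 host sshd[415]: Failed password for root from 192.0.2.1 port 5002 ssh2
Oct  2 23:01:20 host sshd[416]: Failed password for root from 203.0.113.7 port 4103 ssh2
Oct  2 23:09:00 host sshd[417]: Failed password for root from 198.51.100.9 port 6000 ssh2
Oct  2 23:20:00 host sshd[418]: Failed password for root from 198.51.100.9 port 6001 ssh2
Oct  2 23:40:00 host sshd[419]: Failed password for root from 198.51.100.9 port 6002 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(log_text, max_failures=3, window=timedelta(minutes=5),
              ban_time=timedelta(minutes=30), exclude=(), year=2005):
    """Return {ip: ban_expiry}; syslog lines carry no year, so one is passed in."""
    excluded = [ipaddress.ip_network(n) for n in exclude]
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue              # never act on an unparseable address field
        if any(ip in net for net in excluded):
            continue              # exclusion list: gateway, resolvers, admin hosts
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop failures that fell out of the window
        if len(hits) >= max_failures:
            bans[str(ip)] = ts + ban_time
    return bans

if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE_LOG, exclude=["192.0.2.0/24"]).items():
        print(f"block {ip} until {until:%H:%M:%S}")
```

With `192.0.2.0/24` excluded, only the burst from 203.0.113.7 is reported; the three failures from 198.51.100.9 are spread over half an hour and never fill the five-minute window.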