From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RKiyU-00052K-AI for garchives@archives.gentoo.org; Mon, 31 Oct 2011 03:55:50 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1536D21C05E for ; Mon, 31 Oct 2011 03:55:49 +0000 (UTC) Received: from indigorobot.com (rrcs-24-73-229-216.se.biz.rr.com [24.73.229.216]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j92M58nC002894 for ; Sun, 2 Oct 2005 22:05:09 GMT Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs From: xyon To: gentoo-security@lists.gentoo.org In-Reply-To: <200510022337.49116.volker.armin.hemmann@tu-clausthal.de> Content-Type: text/plain Date: Sun, 02 Oct 2005 18:13:06 -0400 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-security@gentoo.org Reply-to: gentoo-security@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 Content-Transfer-Encoding: 7bit X-Spam-Score: -2.8 (--) X-Spam-Report: Spam detection software, running on the system "www02.indigorobot.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: I agree. I use an obscure port for ssh as well as only allow key-based auth (PasswordAuthentication is disabled). I have not have any attempts on my boxes. On Sun, 2005-10-02 at 23:37 +0200, Hemmann, Volker Armin wrote: > On Sunday 02 October 2005 23:10, Jeremy Brake wrote: > > Hey all, > > > > I'm looking for an app/script which can monitor for failed ssh logins, > > and block using IPTables for $time after $number of failed logins (an > > exclusion list would be handy as well) so that I can put a quick stop to > > these niggly brute-force ssh "attacks" I seem to be getting more and > > more often. > > > > Anyone have any ideas? > > > > Thanks, Jeremy B > > and what do you do, if they spoof your gateway/router/nameservers ip? > If you use key-based authentifiction, you shouldn't have to fear brute-force > attemps... and as the others wrote, changing the port, may also help a bit. [...] Content analysis details: (-2.8 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.8 ALL_TRUSTED Did not pass through any untrusted hosts Message-Id: X-Archives-Salt: 18630f83-3dfc-4710-9be2-cdcc3bd68f27 X-Archives-Hash: a5a570c390fbaa2be6a01fe00cd721d3 I agree. I use an obscure port for ssh as well as only allow key-based auth (PasswordAuthentication is disabled). I have not have any attempts on my boxes. On Sun, 2005-10-02 at 23:37 +0200, Hemmann, Volker Armin wrote: > On Sunday 02 October 2005 23:10, Jeremy Brake wrote: > > Hey all, > > > > I'm looking for an app/script which can monitor for failed ssh logins, > > and block using IPTables for $time after $number of failed logins (an > > exclusion list would be handy as well) so that I can put a quick stop to > > these niggly brute-force ssh "attacks" I seem to be getting more and > > more often. > > > > Anyone have any ideas? > > > > Thanks, Jeremy B > > and what do you do, if they spoof your gateway/router/nameservers ip? > If you use key-based authentifiction, you shouldn't have to fear brute-force > attemps... and as the others wrote, changing the port, may also help a bit. -- gentoo-security@gentoo.org mailing list