LeRoy Cressy on Sat, 8 Feb 2003 10:18:13 -0500



Re: [PLUG] iptables and NAT





Eugene Smiley wrote:
plug-admin@lists.phillylinux.org <> wrote:

How are you determining "unauthorized" SSH attempts? Do you mean
you limit SSH access to certain source IPs? Kinda limits you
somewhat from checking your home LAN from wherever you happen to
be, doesn't it?

What I consider unauthorized attempts are ones that have previously tried different login names and tried to guess passwords on my system. If you notice that someone somewhere in the world is attempting to log in to your system searching for passwords and various login names and their IP address is constant then it would behove you to block ssh from that IP address. This has happened more than once on my system.


How do you implement this? Do you have a blacklist file or do you create a
rule for each attempt through iptables?


At present I implement a separate rule but it would be easy enough to create a black list to read.



-- Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <


gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
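
A blacklist file of the kind discussed in this thread could be read as follows. This is an added example, not code from the original message; the chain name SSH_BLOCK, the one-address-per-line file format and the function names are assumptions.

```sh
#!/bin/sh
# Added example: print iptables commands that drop SSH (tcp/22) per blacklist.
CHAIN=SSH_BLOCK   # assumed chain name

# Succeed only for a strict dotted-quad IPv4 address with optional /0-32.
# Entries end up in commands run as root, so anything else is rejected.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*)
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read one address per line ('#' starts a comment), skip duplicates and
# invalid entries, and print the commands instead of running them.
gen_ssh_block_rules() {
    seen=" "
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    while read -r entry rest || [ -n "$entry" ]; do
        entry=${entry%%#*}
        [ -n "$entry" ] || continue
        if ! valid_ipv4 "$entry"; then
            echo "skipping invalid entry: $entry" >&2
            continue
        fi
        case $seen in *" $entry "*) continue ;; esac
        seen="$seen$entry "
        echo "iptables -A $CHAIN -s $entry -j DROP"
    done <"$1"
    echo "iptables -C INPUT -p tcp --dport 22 -j $CHAIN 2>/dev/null ||" \
         "iptables -I INPUT -p tcp --dport 22 -j $CHAIN"
}

# Constructed sample blacklist using documentation address ranges.
sample=$(mktemp)
printf '%s\n' '# password guessing seen in the auth log' '203.0.113.7' '999.1.1.1' \
    '198.51.100.0/24  # whole range' '203.0.113.7' '10.0.0.1;reboot' >"$sample"
gen_ssh_block_rules "$sample"
rm -f "$sample"
```

The function only prints commands; review the output, then pipe it to a root shell to apply it. Re-running it flushes and rebuilds the chain, so removing a line from the file unblocks that address.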