Farkas Levente wrote:
> Dario Lesca wrote:
>
>> Hi, this method for block SSH Login Attack it seems to be good.
>>
>> http://www.soloport.com/iptables.html
>>
>> which it is the better way in order to implement it into shorewall
>> config files?
>
>
> i like it!
> i also vote to implement it in shorewall too, what's more even in the
> 2.2 series (at least with a small patch). we also have a few hundred
> such attacks per day and this solution is nice even in the general case.
> unfortunately imho it can't be solved with a user level action, but some
> kind of new action.AllowKnockSSH would be very useful (may be a
> parameter can be the knocking port). or is there any way to define such
> a rule in the current shorewall?
> yours.
>
Check out knockd. In the past Tom has said that port-knocking is outside
of shorewall's scope, but he may have reconsidered. Just for the record,
another less intrusive solution is to block attackers rather than
allowing (and explaining) the sikkrit passcode...
using swatch (less robust IMHO): http://www.dsrtech.com/sshblock/
using cron (has a lag, but very reliable):
http://lists.debian.org/debian-user/2004/12/msg00375.html -- I had to
make some minor mods to set this up ideally, but it's working nicely
now. I particularly like hosts.deny via tcpwrappers because the rules
don't go away after a restart.
--
Jack at Monkeynoodle dot Org: It's a Scientific Venture...
Riding the Emergency Third Rail Power Trip since 1996!
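The cron-plus-hosts.deny approach Jack describes, as an added example that is not part of the thread or of the linked debian-user script: it counts failed sshd password attempts per source address in an auth.log excerpt (the sample log lines below are constructed), and emits `sshd: IP` entries for hosts.deny for any address at or above a threshold, skipping addresses already present in the existing file and any on an allowlist. The threshold value and the allowlist are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log lines (not real traffic).
SAMPLE_AUTH_LOG = """\
Dec 14 03:12:01 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Dec 14 03:12:04 gw sshd[2213]: Failed password for invalid user test from 203.0.113.7 port 40218 ssh2
Dec 14 03:12:09 gw sshd[2215]: Failed password for root from 203.0.113.7 port 40230 ssh2
Dec 14 03:15:41 gw sshd[2290]: Failed password for jack from 198.51.100.23 port 51002 ssh2
Dec 14 03:16:02 gw sshd[2294]: Accepted publickey for jack from 198.51.100.23 port 51010 ssh2
Dec 14 03:20:13 gw sshd[2310]: Failed password for invalid user oracle from 192.0.2.99 port 33004 ssh2
Dec 14 03:20:15 gw sshd[2312]: Failed password for invalid user oracle from 192.0.2.99 port 33009 ssh2
Dec 14 03:20:18 gw sshd[2314]: Failed password for invalid user oracle from 192.0.2.99 port 33015 ssh2
"""

# Matches OpenSSH's "Failed password for [invalid user] NAME from IP port N" lines.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def count_failures(log_text):
    """Return {source_ip: number of failed sshd password attempts}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def offenders(log_text, threshold=3, allowlist=()):
    """Source addresses with at least `threshold` failures, minus the allowlist."""
    counts = count_failures(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)

def hosts_deny_lines(ips, existing_hosts_deny=""):
    """Build 'sshd: IP' lines for hosts.deny, skipping IPs already listed there."""
    already = set()
    for line in existing_hosts_deny.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        if line.lower().startswith("sshd:"):
            already.update(line.split(":", 1)[1].replace(",", " ").split())
    return [f"sshd: {ip}" for ip in ips if ip not in already]

if __name__ == "__main__":
    # A cron job would read the real auth.log and append these to /etc/hosts.deny.
    bad = offenders(SAMPLE_AUTH_LOG, allowlist={"198.51.100.23"})
    print("\n".join(hosts_deny_lines(bad, existing_hosts_deny="sshd: 203.0.113.7\n")))
```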