Does anyone know how to block in the blacklist the whole China subnets? I get multiple attempts every night. It seems they are trying to bruteforce the ssh client. Sooo I just want to block them all if I can find a list. Hehehe.

Thanks

Jack

Jack Hale wrote:
> Does anyone know how to block in the blacklist the whole China subnets?
> I get multiple attempts every night. It seems they are trying to
> bruteforce the ssh client. Sooo I just want to block them all if I can
> find a list. Hehehe.

Read http://www.shorewall.net/blacklisting_support.htm

However, do not expect that security measure to work; blocking a whole country with billions of potential customers is not precisely a brilliant idea, and if you don't have Chinese customers, you have to know that country-based blacklisting is an AWFUL security protection.

However, you can use the built-in Limit action to reduce the number of bruteforce attempts.

http://www.shorewall.net/PortKnocking.html

Jack Hale wrote:
> Does anyone know how to block in the blacklist the whole China subnets?
> I get multiple attempts every night. It seems they are trying to
> bruteforce the ssh client. Sooo I just want to block them all if I can
> find a list. Hehehe.

A much better solution than blacklisting is switching ssh to another port and using only keys for authentication (i.e. turn of PAM and password authentication methods in sshd_config).

Paul

Paul Gear wrote:
> ...
> A much better solution than blacklisting is switching ssh to another
> port and using only keys for authentication (i.e. turn of PAM and
> password authentication methods in sshd_config).

That should have read: "turn OFF PAM and password authentication ..."

Paul

On Tue, 2006-04-04 at 16:08 -0500, Jack Hale wrote:
> Does anyone know how to block in the blacklist the whole China subnets?
> I get multiple attempts every night. It seems they are trying to
> bruteforce the ssh client. Sooo I just want to block them all if I can
> find a list. Hehehe.
>

Use a different port, or more simply, use something like denyhosts which will block each address after a few bad attempts. Has the benefit of not blocking all the good guys and blocks all of the non-Chinese bad guys.

--
David Hollis <dhollis@davehollis.com>
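
The per-address blocking suggested in the last reply ("block each address after a few bad attempts"), sketched as an added example that is not part of the original thread and is not denyhosts' own code. It assumes OpenSSH-style syslog lines, a threshold of 3 and a trusted range of 192.0.2.0/24; the function names and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Apr  4 02:11:01 gw sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Apr  4 02:11:03 gw sshd[413]: Failed password for root from 203.0.113.7 port 4031 ssh2
Apr  4 02:11:06 gw sshd[415]: Failed password for invalid user test from 203.0.113.7 port 4040 ssh2
Apr  4 02:15:40 gw sshd[502]: Failed password for jack from 198.51.100.20 port 5111 ssh2
Apr  4 02:15:52 gw sshd[502]: Accepted password for jack from 198.51.100.20 port 5111 ssh2
Apr  4 03:02:10 gw sshd[610]: Failed password for root from 192.0.2.99 port 6001 ssh2
Apr  4 03:02:12 gw sshd[612]: Failed password for root from 192.0.2.99 port 6010 ssh2
Apr  4 03:02:15 gw sshd[614]: Failed password for root from 192.0.2.99 port 6019 ssh2
"""

# The user name is remote-supplied text, so take the LAST "from <addr>" on the line.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2$")

def offenders(log_text, threshold=3, allow=("192.0.2.0/24",)):
    """Return sorted addresses with >= threshold failed logins and no later success."""
    allowed = [ipaddress.ip_network(n) for n in allow]  # assumed trusted ranges
    failures = Counter()
    for line in log_text.splitlines():
        ok = ACCEPTED.search(line)
        if ok:
            failures.pop(ok.group(1), None)   # a good login clears earlier typos
            continue
        bad = FAILED.search(line)
        if not bad:
            continue
        try:
            addr = ipaddress.ip_address(bad.group(1))
        except ValueError:
            continue                          # not an IP literal, ignore the line
        if any(addr in net for net in allowed):
            continue                          # never lock out trusted ranges
        failures[str(addr)] += 1
    return sorted(a for a, n in failures.items() if n >= threshold)

def hosts_deny_lines(addresses):
    """Format addresses as TCP-wrappers (hosts.deny) entries for sshd."""
    return [f"sshd: {a}" for a in addresses]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

Only the address that kept failing is listed; the user who mistyped once and then logged in, and the allow-listed range, are left alone.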