| |
| |
| |
|
Comments:
<0> hm, rate the limit
<0> I was looking at the iptables limit , but that looks like it would just drop all tcp port 22 connections, not just the bad ones
<0> so I was thinking a script is the best way
<1> http://floptical.net/sshblock.txt
<1> that bans them for a week or so
<1> if they connect more than 3 times in a minute
<1> which would be extremely rare for a normal user
<2> mogi, Better to parse the logs for failed logins
<1> tech-: why?
<1> this iptables script catches and handles them faster
<1> logs require waiting for the filesystems and buffers to flush, etc
<1> you can get pounded pretty bad in that time
<2> Hmm, can't you write an interface to syslog to parse these things directly? Just athought, I have no idea if it is possible
<1> plus, if you type your p***word wrong, the log/script method might nail you
<2> Well the thing is, the attacker could do this with a delay
<1> 99.9% of these type of attacks are brute-force prefabbed lists
<1> they just hammer with a list of usernames and p***word to try
<3> anyone heard of (or used) citadel?
<0> --dport ssh
<0> that is cuite
<0> *cute
<0> guess it will just read the /etc/services
<0> I always put 22
<4> --dport?
<4> i'm not seeing it
<0> #$ipt -A tcp_packs -i $in -p TCP --dport 22 -j allowed
<0> thats what I had before
<4> oh, i thought you meant an ssh option
<0> but he was saying --port ssh works too
<0> err -dport ssh
<4> Coder7: i've heard of them a lot, but they're not citadel anymore
<4> i mean, i guess they are
<4> but mcafee just bought them
<4> i was at the mcafee site the day they all came on site
<4> but yeah, you can do firewall rules by protocol for just about all firewalls
<4> not just iptables
<5> blah blah
<6> ****in' Slack isn't activating my wlan card
<7> doododo.
<8> heya
<7> Arf.
<8> what's up gammy?
<7> Nothing, just working.
<7> Fleh-
<7> .
<9> so many freenode help channels, so many idle ****ers.
<1> freenode is useless
<1> I never sign on to it
<10> morning
<7> Doodooodoo
<7> phyber: A few are active, though.
<9> just not the right ones ;)
<7> phyber: Hehe.
<8> good afternoon slackers
<7> Afternoon.
<2> gamkiller!
<7> tech-: what?
<2> gamkiller, Do you remember the roulette game I once made? Did I ever give you the source? (Yes, I've lost it :))
<7> tech-: no I don't
<7> not wordquiz?
<2> Nah
<7> sorry man, can't help you
<2> No prob =)
<2> I'll just rewrite it, fun and you get to improve the code.
<7> yeah =)
Return to
#slackware
or
Go to some related
logs:
nokia d211 ndiswrapper
funny saturda quotes
stop 0x0000021a
#sex
#politics
#delphi
ntbackup bad data
#beginner
#computers
nuatl
|
|