Firewalling away the 'l33t haxx0rz'

Yes, the world is full of dorks who run big long dictionary attacks against any host which responds to ssh. They'll try any word in the dictionary, although they pretty much always use an English dictionary.

If you're using decently secure passwords, the only thing they're accomplishing is creating a few zillion failed authentication entries in /var/log/secure for you. Well, that and making you hear the hard drive gronk away with logging their failed attempts, which will go on for hours unless you get bored and firewall them away.

So, just for an example from the last hoser to try it on my machine... this bans his IP entirely. They can just come back on another IP, but usually the doofuses who think they're going to get into your machine with this tactic will end up thinking that they've "booted you from the internet" and start congratulating themselves... in the meantime, your hard drive isn't writing failed-auth logs anymore and you can get back to sleep or whatever.

iptables --insert INPUT 1 -j DROP -s 80.248.208.50/32

-- SeanNewton - 29 Jan 2008
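An added example, not part of the original note: one way to find which sources are filling /var/log/secure before writing the DROP rule by hand. The log lines are constructed (documentation addresses), and the function names and threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample in the sshd "Failed password" format; no real hosts.
sample_log() {
cat <<'EOF'
Jan 29 03:12:01 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Jan 29 03:12:03 host sshd[4103]: Failed password for root from 192.0.2.10 port 40130 ssh2
Jan 29 03:12:05 host sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40138 ssh2
Jan 29 03:12:07 host sshd[4107]: Failed password for invalid user x from 203.0.113.99 port 1 ssh2 from 192.0.2.10 port 40140 ssh2
Jan 29 03:12:09 host sshd[4110]: Failed password for sean from 198.51.100.7 port 51515 ssh2
Jan 29 03:12:30 host sshd[4111]: Accepted password for sean from 198.51.100.7 port 51520 ssh2
EOF
}

# Read a log on stdin; print "count ip" for each source with >= $1 failures.
# The user name is text chosen by the remote side, so the address is taken
# by position from the END of the line ("from IP port N ssh2"), and it must
# look like a dotted quad before it is allowed near a shell command.
noisy_sources() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# Print (do not run) one rule per noisy source, in the form used above.
ban_rules() {
    noisy_sources "$1" | while read -r count ip; do
        echo "iptables --insert INPUT 1 -j DROP -s $ip/32"
    done
}

# Demo on the constructed sample with a threshold of 3 failures.
sample_log | ban_rules 3
```

On a real machine, feed it the log instead (`ban_rules 20 < /var/log/secure`) and read the output before running any of it as root, so you don't drop an address you log in from yourself.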

Topic revision: r2 - 2008-03-24 - SeanNewton
 