[UFO Chicago] Tripwire to shut off ssh access to a host?
Neil R. Ormos
ormos at ripco.com
Fri Nov 17 11:04:49 PST 2006
Jordan Bettis wrote:
> Nate Riffe wrote:
>> Jordan Bettis said this (probably recently):
>>> ISTR a program that uses netfilter to
>>> automatically block hosts that fail login to
>>> ssh x number of times. [ . . .]
>>> Does anyone know what that program is, as I
>>> can not find it now in debian stable.
>> It's not a "program," it's just these four
>> rules, the second of which is optional if you
>> don't want to log blocked connections and the
>> last of which is optional if you are not
>> otherwise blocking access to port 22: [ . . . ]
> [ . . . ] I decided to decode how it works: [ . . . ]
> If you make four ssh connections in 60 seconds,
> it will blacklist you, but the blacklist will
> expire in a minute if you don't try to make
> another connection and reset the counter before
> it expires.
Thanks to Nate for posting the iptables recipe.
Thanks to Jordan for decoding it, as I know little
about iptables and the decoding saved me a lot of
time.
--Neil
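The archive elides Nate's actual rules, so the following is an added example, not code from this thread: a small Python model of the iptables `recent` module semantics that Jordan's decoding describes (four new SSH connections inside 60 seconds get you blacklisted; the listing ages out after a minute of silence, and any further attempt re-stamps the entry). The four iptables rules reproduced in the docstring are the commonly used `-m recent --set` / `--update --seconds 60 --hitcount 4` recipe and are an assumption about what was posted; `RecentList`, `filter_new_ssh` and `run_trace` are names chosen here, and the connection trace is constructed sample input.

```python
"""
Model of the iptables `recent`-module SSH rate limit discussed in the thread.
Added example; the rules below are the usual recipe and are assumed, since the
archived message elides them (rule 2 is the optional LOG rule, rule 4 is the
ACCEPT you need only if port 22 is otherwise blocked):

  iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
      -m recent --set --name SSH
  iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
      -m recent --update --seconds 60 --hitcount 4 --name SSH \
      -j LOG --log-prefix "SSH_brute_force "
  iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
      -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
  iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
"""
from collections import deque

PKT_LIST_TOT = 20   # xt_recent ip_pkt_list_tot default: timestamps kept per address
SECONDS = 60        # --seconds window from the recipe above
HITCOUNT = 4        # --hitcount threshold from the recipe above


class RecentList:
    """One named xt_recent list: per source address, a bounded ring of timestamps."""

    def __init__(self):
        self.entries = {}

    def set(self, src, now):
        """--set: record `now` for src, creating the entry if it does not exist."""
        stamps = self.entries.setdefault(src, deque(maxlen=PKT_LIST_TOT))
        stamps.append(now)

    def hits(self, src, now, seconds):
        """Number of recorded timestamps for src that fall within the last `seconds`."""
        return sum(1 for t in self.entries.get(src, ()) if now - t <= seconds)

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount H: match when src has at least H hits in
        the last S seconds; on a match, stamp the entry again (that is what makes a
        client that keeps retrying stay blocked). An unknown address never matches."""
        if src not in self.entries:
            return False
        matched = self.hits(src, now, seconds) >= hitcount
        if matched:
            self.entries[src].append(now)
        return matched


def filter_new_ssh(recent, src, now, log=None):
    """Walk the four-rule chain for one NEW TCP/22 packet; returns 'ACCEPT' or 'DROP'."""
    recent.set(src, now)                                  # rule 1: always record the attempt
    if recent.update(src, now, SECONDS, HITCOUNT):        # rules 2 and 3 share this match
        if log is not None:
            log.append(f"SSH_brute_force src={src} t={now}")   # rule 2: LOG
        return "DROP"                                     # rule 3: DROP
    return "ACCEPT"                                       # rule 4: ACCEPT


def run_trace(attempts):
    """attempts: iterable of (time_in_seconds, source_address) for NEW SSH connections.
    One list is shared across the whole run, as the kernel keeps one per --name.
    Returns the verdict for each attempt, in order."""
    recent = RecentList()
    return [filter_new_ssh(recent, src, t) for t, src in attempts]


if __name__ == "__main__":
    # Constructed scenario: 10.0.0.5 makes four connections inside a minute (4th is
    # dropped), an unrelated client is unaffected, the first client's retries keep it
    # blocked even after the original stamps leave the window, and it is only let
    # back in once it has stayed quiet for a full minute.
    trace = [(0, "10.0.0.5"), (10, "10.0.0.5"), (20, "10.0.0.5"), (30, "10.0.0.5"),
             (31, "10.0.0.9"), (50, "10.0.0.5"), (85, "10.0.0.5"), (200, "10.0.0.5")]
    for (t, src), verdict in zip(trace, run_trace(trace)):
        print(f"t={t:3d}s {src:10s} {verdict}")
```

Two practical consequences the model makes visible: because rule 1 stamps every attempt and `--update` stamps again on a match, a blocked client that keeps knocking never expires, exactly as Jordan notes; and the limit counts new connections, not failed logins, so a user who opens four legitimate sessions inside a minute is dropped just the same, which is worth remembering before deploying it on a host you administer over SSH.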