ssh Access from the internet
Jose A. Dias
jad-V3Qe//ktpHnR7s880joybQ at public.gmane.org
Mon May 12 22:27:01 UTC 2008
> From: Ansar Mohammed
>
>I am getting increasingly annoyed with the random bots brute forcing
>ssh on my public IPs. What do you guys use?
IPcop and Snort (with subscription and custom download code) plus Dans
Guardian.
IPcop is a good iptables firewall, Snort inspects all the traffic and
rejects what it should and logs the rest. Dans Guardian watches Snort's
logs and when it sees "funny" business it blackballs the particular IP
for an hour. I added custom code to download snort rules once a day so
that I stay current with no issues.
That's it. I've blocked .cn, .kr and a few other domains for good
measure, and blackballed most of the IPs from Asia. No problems... My
logs are getting downright monotonous... :-) The two entries below are
all I have to show since Sunday morning...

Guardian Blocks
Sun May 11 08:52:07 2008: 118.168.237.169 [1:2329:7] MS-SQL probe response overflow attempt
Blocking 118.168.237.169 on eth0

Guardian Unblocks
Sun May 11 09:52:19 2008: expiring block of 118.168.237.169
Unblocking 118.168.237.169 on eth0

--
Jose Dias
jose "dot" dias "at" DiasLan "dot" net
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
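
Added example (not part of the original post, and not IPCop or Guardian code): a Python audit of log entries in the format quoted in the message, pairing each block with its expiry and checking the hold time against the one-hour window the post describes. The 192.0.2.44 entry, its `[1:0:0]` rule id and the one-minute slack are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the post's two entries with wrapped lines rejoined,
# plus one invented entry (192.0.2.44) that never expires.
SAMPLE_LOG = """\
Guardian Blocks
Sun May 11 08:52:07 2008: 118.168.237.169 [1:2329:7] MS-SQL probe response overflow attempt
Blocking 118.168.237.169 on eth0
Guardian Unblocks
Sun May 11 09:52:19 2008: expiring block of 118.168.237.169
Unblocking 118.168.237.169 on eth0
Mon May 12 21:40:00 2008: 192.0.2.44 [1:0:0] constructed sample alert
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # ctime-style stamp used in the quoted log
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
ENTRY = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (.*)$")
BLOCK = re.compile(rf"^{IPV4} \[(\d+:\d+:\d+)\] (.*)$")
EXPIRE = re.compile(rf"^expiring block of {IPV4}$")

def audit_blocks(log_text, expected=timedelta(hours=1), slack=timedelta(minutes=1)):
    """Pair each block with its expiry; return (closed, still_open, anomalies)."""
    still_open, closed, anomalies = {}, [], []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # headings and "Blocking ... on eth0" lines carry no timestamp
        when = datetime.strptime(entry.group(1), TS_FORMAT)
        if (blk := BLOCK.match(entry.group(2))):
            ip, sid, _msg = blk.groups()
            still_open.setdefault(ip, (when, sid))  # keep the first trigger time
        elif (exp := EXPIRE.match(entry.group(2))):
            ip = exp.group(1)
            if ip not in still_open:
                anomalies.append(f"{ip}: expiry without a recorded block")
                continue
            start, sid = still_open.pop(ip)
            held = when - start
            closed.append((ip, sid, held))
            if abs(held - expected) > slack:
                anomalies.append(f"{ip}: held {held}, expected about {expected}")
    return closed, still_open, anomalies

if __name__ == "__main__":
    print(audit_blocks(SAMPLE_LOG))
```

Entries left in `still_open` are blocks with no logged expiry, which is what to look at first if the expiry job stops running.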