
Comment Re:automated responses to probes? (Score 2, Informative) 128

Add a rate limit to your incoming SSH SYN connections and drop the ones that go over the rate limit. Also, remove password authentication and only allow RSA authentication. With these together, SSH attacks will disappear from your logs.

For example:
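# Assumes the user-defined chains tcp_packets and allowed already exist.
# Send inbound SSH traffic to the allowed chain.
$IPTABLES -A tcp_packets -p TCP -s 0/0 -d $INET_IP --dport 22 -j allowed
# Packets of existing sessions pass without being rate limited.
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections (SYN): accept at most 3 per minute, with a burst of 3.
$IPTABLES -A allowed -p TCP --syn -m limit --limit 3/minute --limit-burst 3 -j ACCEPT
# Everything over the limit is logged and then rejected.
$IPTABLES -A allowed -p TCP -j LOG --log-level "NOTICE" --log-prefix '[DROP:RATE_LIMIT] '
$IPTABLES -A allowed -p TCP -j REJECT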
Note: Only turn on the output to log when you want to see what is going on. Otherwise, just comment out that line.
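
An added example, not part of the original comment: a small simulation of the token bucket behind `-m limit --limit 3/minute --limit-burst 3`, run over constructed SYN arrival times, to show which connections the rule above accepts and that the bucket is shared by all source addresses. The function names, timestamps and documentation-range addresses are made up for illustration, and the rate is assumed to divide 60 evenly.

```shell
#!/bin/sh
# Model of iptables' limit match: a bucket of credit that refills with time.
# Each accepted packet costs 60/rate seconds of credit; the bucket holds at
# most burst * cost. One bucket serves every source address.

# simulate_limit RATE_PER_MINUTE BURST
# stdin:  lines "SECONDS SOURCE", sorted by time
# stdout: the same lines with ACCEPT or REJECT appended
simulate_limit() {
    rate=$1
    burst=$2
    cost=$((60 / rate))        # seconds of credit one SYN consumes
    cap=$((burst * cost))      # a full bucket allows `burst` SYNs at once
    credit=$cap                # the bucket starts full
    last=0
    while read -r t src; do
        credit=$((credit + t - last))          # refill for elapsed time
        if [ "$credit" -gt "$cap" ]; then
            credit=$cap
        fi
        last=$t
        if [ "$credit" -ge "$cost" ]; then
            credit=$((credit - cost))
            verdict=ACCEPT
        else
            verdict=REJECT                      # falls through to LOG/REJECT
        fi
        echo "$t $src $verdict"
    done
}

# Constructed sample: repeated SYNs from one address, plus an administrator
# connecting from another address at t=10 and retrying at t=30.
sample_syns() {
    cat <<'EOF'
0 203.0.113.5
2 203.0.113.5
4 203.0.113.5
6 203.0.113.5
10 198.51.100.7
12 203.0.113.5
30 198.51.100.7
32 203.0.113.5
EOF
}

sample_syns | simulate_limit 3 3
```

The administrator's first attempt is rejected because the single shared bucket is already empty. iptables' `hashlimit` match keeps a separate bucket per source address when that matters.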
