break-in attempts on my server
Bill Horne
bill at horne.net
Mon Nov 21 06:49:25 EST 2005
Kent Borg wrote:
>On Sun, Nov 20, 2005 at 06:54:44PM -0500, David Kramer wrote:
>
>>That's a lot more iptables-fu than I have right now, and I
>>absolutely refuse to install iptables rules I don't understand just
>>because "I found them on the internets".
>
>Dang. I keep trying to get someone to install/figure out those
>iptables rules before I do, and no one I know will bite.
>
>>I will attempt to understand them, though. Thanks.
>
>Let us know if you do.
>
>-kb
Here's my policy:
iptables -A INPUT -s 172.19.213.0/24 -p tcp --dport 22 -j ACCEPT
The input default is DENY: this rule allows only traffic from my
internal network.
N.B.:
1. It's easy to write the rule to cover a range of IPs - and you'll be
amazed at how few ranges you'll need to cover your likely access points
and/or your friends, even if they use dialup.
2. As others have said, it's better to use key-based authentication than
to use passwords. You KNOW they can't guess your key.
3. I prefer to block all RIPE and APNIC IP addresses; it simplifies the
process a lot and I don't expect to log in from those regions anytime soon.
Bill
--
E. William Horne
William Warren Consulting
Computer and Network Installation & Service
http://www.billhorne.com/
Voice: 781 784-7287
Fax: 781 784-0951
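Editor's added example (not Bill's script, not from the original thread): a small POSIX sh generator that emits the whole ruleset the post sketches, in iptables-restore format, so you can read every rule before applying it. It uses the post's 172.19.213.0/24 range; the other CIDRs are constructed placeholders to swap for your own. Two things the one-liner in the post leaves implicit are added because they are what locks people out in practice: loopback and ESTABLISHED,RELATED traffic are accepted before the default policy bites (iptables spells the default-deny policy DROP), and any blocked ranges are listed before the SSH ACCEPT so a blocked range can never match the allow rule.

```shell
#!/bin/sh
# Added example: print an iptables ruleset implementing "default DROP on INPUT,
# SSH only from listed ranges, optionally drop whole ranges outright".
# Nothing is applied here; review the output, then feed it to iptables-restore.
# 172.19.213.0/24 is the range from the post; the 203.0.113.0/24 and
# 198.51.100.0/24 values below are documentation-range placeholders (assumed).

# gen_rules "<allowed ssh cidrs>" ["<blocked cidrs>"]
# Both arguments are whitespace-separated lists of CIDRs.
gen_rules() {
    allowed="$1"
    blocked="${2:-}"

    printf '%s\n' '*filter'
    # Default policies: deny everything inbound and forwarded, allow outbound.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'

    # Anti-lockout: without these, the very session you are typing in dies
    # the moment the INPUT policy becomes DROP, and so does local IPC over lo.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # Blocked ranges go first: rules match top-down, so a source in one of
    # these ranges is dropped before the SSH ACCEPT rules are consulted.
    for cidr in $blocked; do
        printf '%s\n' "-A INPUT -s $cidr -j DROP"
    done

    # The post's rule, once per allowed range: SSH from these sources only.
    for cidr in $allowed; do
        printf '%s\n' "-A INPUT -s $cidr -p tcp --dport 22 -j ACCEPT"
    done

    printf '%s\n' 'COMMIT'
}

# Sanity check: how many SSH ACCEPT rules does a generated ruleset contain?
# Compare against the number of ranges you meant to allow before applying.
count_ssh_accepts() {
    printf '%s\n' "$1" | grep -c -- '--dport 22 -j ACCEPT' || true
}

# Stand-alone demo: the post's internal network plus one placeholder friend
# range allowed, one placeholder range dropped outright.
gen_rules "172.19.213.0/24 203.0.113.0/24" "198.51.100.0/24"
```

To apply, run the script and pipe it into `iptables-restore` from a console or an out-of-band session rather than over the SSH connection you are about to restrict, and keep the old ruleset (`iptables-save`) at hand to roll back. Blocking whole registry allocations as in point 3 of the post means maintaining a long CIDR list; generating it from a file into the second argument of gen_rules keeps the policy readable and auditable.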