Dan wrote:
>
> Second, you want to run a firewall on the machine that rejects
> excessive connection attempts. This iptables fragment:
>
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>   --set
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>   --update --seconds 60 --hitcount 4 -j DROP
>
> will generally prevent scriptkiddies from brute-forcing your SSH
> accounts, by limiting connection attempts to 3 per minute per IP
> address.

So, then, adding this line in the middle:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  -j LOG --log-level WARN --log-prefix REJECT-SSH --log-ip-options
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP

Should allow me to log this also?

-Don
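
Added example, not part of the original message or the thread: one way to get a log entry for each dropped SSH attempt. Every `-I INPUT` without a rule number inserts at the top of the chain, and `-m recent` must be given one of `--set`, `--rcheck`, `--update` or `--remove`, so this sketch appends the three rules in evaluation order to a dedicated chain and gives the LOG rule the same `--seconds 60 --hitcount 4` test via `--rcheck`. The chain name `SSH_LIMIT`, the function name `ssh_ratelimit` and the `IPT` dry-run variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root.
# Setting IPT="echo iptables" prints the commands instead of applying them.
IPT="${IPT:-iptables}"

# ssh_ratelimit IFACE: log, then drop, the 4th and later new SSH connections
# from one source address within 60 seconds.
ssh_ratelimit() {
    # Dedicated chain; SSH_LIMIT is a name made up for this example.
    # Create it, or flush it if it is already there.
    $IPT -N SSH_LIMIT 2>/dev/null || $IPT -F SSH_LIMIT

    # 1. Record this source address and a timestamp in the default "recent" list.
    $IPT -A SSH_LIMIT -m recent --set

    # 2. LOG does not end rule traversal, so it has to sit before the DROP rule.
    #    --rcheck tests the list without adding a timestamp.
    $IPT -A SSH_LIMIT -m recent --rcheck --seconds 60 --hitcount 4 \
        -j LOG --log-level warning --log-prefix "REJECT-SSH " --log-ip-options

    # 3. Same test with --update, as in the quoted fragment, then drop.
    $IPT -A SSH_LIMIT -m recent --update --seconds 60 --hitcount 4 -j DROP

    # Send only new SSH connections arriving on the interface through the chain.
    $IPT -I INPUT -p tcp --dport 22 -i "$1" -m state --state NEW -j SSH_LIMIT
}
```

Call `ssh_ratelimit eth0` once as root; matching packets then show up in the kernel log with the `REJECT-SSH` prefix.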