31 Aug
2006
31 Aug
'06
6:34 a.m.
On 2006-08-30 19:57:00 -0400, John Peacock wrote:
Cool! I need this for ssh dictionary attacks anyways, so I'll test it out now and the when the Dovecot changes are ready, I'll test it further...
[[[ iptables -A input_ext -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force attack " iptables -A input_ext -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP iptables -A input_ext -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT ]]]
works perfectly for me. and i dont need to rely on log files
darix
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org