Re: SSH hack attempts - bad?

Steve smorrey at gmail.com
Wed Apr 12 00:12:20 MDT 2006


Too bad there isn't a global blacklist a person could subscribe to,
that way if you notice that you need to add someone to your block
list, you could notify some service and they would add it to the
global blacklist.  Then anyone subscribing to the blacklist could get
an update and block that IP until the admin of that IP fixes the
problem, and reports this fact back to the blacklist.

On 4/12/06, Gary Thornock <gthornock at yahoo.com> wrote:
> So far, I've just added the offending hosts to a table in
> /etc/pf.conf and denied them access to all ports, something like:
>
> #####
> table <badssh> { \
>   24.222.2.26, 24.232.121.93, 24.48.67.72, 61.206.117.59,       \
>   61.63.10.210, 61.71.120.170, 62.112.223.131, 64.251.27.173,   \
>   64.58.235.163, 64.71.150.51, 66.120.42.38, 66.146.155.143,    \
>   # several rows trimmed for brevity
>   221.232.160.115, 221.6.69.10                                  \
> }
>
> # snip a few other pf rules
>
> block in quick on $ext_if from <badssh>
> #####
>
> This has been very effective.  I rarely need to add an additional
> host to the deny table.  Something similar would doubtless work in
> iptables, too, if that's your preference.
>
> Denyhosts looks like an interesting alternative, though.  I think
> I'll try it out :)
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
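
An added example, not part of the original thread: one way to fill the quoted `<badssh>` table automatically instead of by hand, by counting failed sshd logins per source address. The log lines are constructed samples, and the allowlisted network, the threshold and the `/etc/badssh` path are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Apr 12 00:01:02 host sshd[311]: Failed password for root from 203.0.113.7 port 4021 ssh2
Apr 12 00:01:04 host sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Apr 12 00:01:06 host sshd[312]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
Apr 12 00:02:10 host sshd[313]: Failed password for alice from 198.51.100.20 port 5100 ssh2
Apr 12 00:02:30 host sshd[314]: Accepted password for alice from 198.51.100.20 port 5101 ssh2
Apr 12 00:03:00 host sshd[315]: Failed password for invalid user x from 10.9.9.9 from 192.0.2.44 port 6000 ssh2
Apr 12 00:03:01 host sshd[315]: Failed password for root from 192.0.2.44 port 6001 ssh2
Apr 12 00:03:02 host sshd[315]: Failed password for root from 192.0.2.44 port 6002 ssh2
"""

# The user name is chosen by the remote side and may itself contain " from <ip>",
# so the pattern is anchored at end of line and takes the last "from" field.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(log_text, threshold=3, allow=("198.51.100.0/24",)):
    """Return addresses with >= threshold failures, skipping allowlisted networks."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]  # assumed admin network
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal IP address; never write it to the table
        if any(addr in net for net in allow_nets):
            continue  # do not lock out your own hosts
        counts[addr] += 1
    hits = sorted((a for a, n in counts.items() if n >= threshold), key=lambda a: (a.version, int(a)))
    return [str(a) for a in hits]

def pf_table_file(addrs):
    """One address per line, the format pf reads for: table <badssh> persist file "/etc/badssh"."""
    return "".join(f"{a}\n" for a in addrs)

if __name__ == "__main__":
    print(pf_table_file(offenders(SAMPLE_LOG)), end="")
```

After writing the output to the table file, `pfctl -t badssh -T replace -f /etc/badssh` reloads the table without touching the rest of the ruleset.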


