Re: SSH hack attempts - bad?

Chris Carey chris.carey at gmail.com
Wed Apr 12 08:22:16 MDT 2006


On 4/12/06, Gary Thornock <gthornock at yahoo.com> wrote:
> So far, I've just added the offending hosts to a table in
> /etc/pf.conf and denied them access to all ports, something like:
>
> #####
> table <badssh> { \
>   24.222.2.26, 24.232.121.93, 24.48.67.72, 61.206.117.59,       \
>   61.63.10.210, 61.71.120.170, 62.112.223.131, 64.251.27.173,   \
>   64.58.235.163, 64.71.150.51, 66.120.42.38, 66.146.155.143,    \
>   # several rows trimmed for brevity
>   221.232.160.115, 221.6.69.10                                  \
> }
>
> # snip a few other pf rules
>
> block in quick on $ext_if from <badssh>
> #####
>
> This has been very effective.  I rarely need to add an additional
> host to the deny table.  Something similar would doubtless work in
> iptables, too, if that's your preference.
>
> Denyhosts looks like an interesting alternative, though.  I think
> I'll try it out :)
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>

If you want a very nice dynamic port blocker, try Port Scan Attack
Detector (PSAD) http://www.cipherdyne.com/psad/

Though, you could spend your whole life fighting this losing battle.
My opinion is to set your security in place, and forget about it.

--
Chris Carey
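The quoted post maintains the pf table by hand from addresses spotted in the logs, which is exactly the step tools like Denyhosts automate. The script below is an added example (not from either poster, and not Denyhosts or PSAD code) that does the same thing the way a defender would script it: count "Failed password" lines per source address in sshd log output, apply a threshold, skip an allow-list so a legitimate host with a mistyped password is never blocked, and emit either a pf.conf table in the style of the quoted rule set or the equivalent `pfctl -t <table> -T add` commands for a live table. The log lines are constructed for the example and use RFC 5737 documentation addresses; the table name `badssh` comes from the quoted post.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (not taken from the thread); the
# addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_AUTH_LOG = """\
Apr 12 08:01:02 gw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Apr 12 08:01:05 gw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51235 ssh2
Apr 12 08:01:09 gw sshd[2103]: Failed password for root from 192.0.2.10 port 51236 ssh2
Apr 12 08:02:11 gw sshd[2110]: Accepted publickey for gary from 198.51.100.7 port 40001 ssh2
Apr 12 08:03:40 gw sshd[2120]: Failed password for invalid user test from 203.0.113.5 port 33001 ssh2
Apr 12 08:03:44 gw sshd[2120]: Failed password for invalid user oracle from 203.0.113.5 port 33002 ssh2
Apr 12 08:05:00 gw sshd[2130]: Failed password for gary from 198.51.100.7 port 40002 ssh2
"""

# Matches both "Failed password for root from A.B.C.D" and
# "Failed password for invalid user admin from A.B.C.D".
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})"
)


def count_failures(log_text):
    """Return a Counter of failed-password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def offenders(log_text, threshold=3, allowlist=()):
    """Addresses with at least `threshold` failures, minus allow-listed ones.

    The allow-list is the safety net: a known-good host that fails a few
    logins must never end up in a block-everything table.
    """
    return sorted(
        ip for ip, n in count_failures(log_text).items()
        if n >= threshold and ip not in allowlist
    )


def pf_table(name, addrs):
    """Render a pf.conf table block in the backslash-continued style of the quoted post."""
    if not addrs:
        return f"table <{name}> {{ }}\n"
    body = ", \\\n  ".join(addrs)
    return f"table <{name}> {{ \\\n  {body} \\\n}}\n"


def pfctl_commands(name, addrs):
    """pfctl invocations that add the addresses to a live table without reloading pf.conf."""
    return [f"pfctl -t {name} -T add {ip}" for ip in addrs]


if __name__ == "__main__":
    bad = offenders(SAMPLE_AUTH_LOG, threshold=2, allowlist={"198.51.100.7"})
    print(pf_table("badssh", bad))
    print("\n".join(pfctl_commands("badssh", bad)))
```

Run against a real log with something like `python3 sshblock.py < /var/log/authlog` after swapping the constructed sample for `sys.stdin.read()`; the threshold and allow-list are the two knobs worth tuning, since a static table that only ever grows (as in the quoted post) is the same maintenance burden the thread is complaining about.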
