On Wed, 2004-09-29 at 21:10, Nicolas wrote: > > So, my question is this. Is there a way to tell ssh to refuse > > connections from an ip address after a certain number of failed login > > attempts, or is snort the only way to do something like this? So far > > I've been taking the manual approach, blocking the ip address with > > my firewall after I see it hitting the logs, but that can give them > > about an hour to play before I notice it (e-mailed to me by logcheck). > > > > Any suggestions? > > If you dont have to much user who log in your server, you can allow only them > from specific IP to log in. Or you can disable the password facility and > only use keys (we do it this way at the job, It's also what I do at home). > > Nic Cola > > P.S. > Just for the fun of it, you can also tarpit the IP of the script kiddy ;o) Sorry to change the subject and sound dumb, but how would 1 go about setting up a tarbit? any urls ?? > > -- > () ascii ribbon campaign - against html e-mail > /\ - against microsoft attachments -- *---------------------------------------------------------* | Glyn Tebbutt | [EMAIL PROTECTED] | |--------------' http://homepage.ntlworld.com/d3c3it | | gpg-key: http://homepage.ntlworld.com/d3c3it/d3c3it.gpg | | Lisa, if you dont like your job you dont strike, | | just go in everyday and do it really half-assed | | Thats the American way. -Homer Simpson | *---------------------------------------------------------*
signature.asc
Description: This is a digitally signed message part
