Re: What to do with attackers?

John L Fjellstad Fri, 04 Nov 2005 17:31:48 -0800

I use iptables with the recent module.
Chain INPUT
target     prot opt source               destination
ACCEPT     tcp  --  localnet/24          anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state 
RELATED,ESTABLISHED,UNTRACKED tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh state 
INVALID,NEW recent: UPDATE seconds: 60 name: DEFAULT side: source
ACCEPT     all  --  anywhere             anywhere            state INVALID,NEW 
recent: SET name: DEFAULT side: source


You can't make more than one connection/min unless you are on the local
network.  Works great.
-- 
John L. Fjellstad
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: What to do with attackers?

Reply via email to