Re: SSH Cracking Attempts
From: Tim Kelley (tpk_at_r00tserverz.net)
Date: 09/30/04
- Previous message: Noah Durell: "emu10k1x"
- In reply to: Jacob S: "Re: SSH Cracking Attempts"
- Next in thread: Joe: "Re: SSH Cracking Attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 30 Sep 2004 10:02:03 -0500 To: debian-user@lists.debian.org
On Thu, Sep 30, 2004 at 08:58:26AM -0500, Jacob S wrote:
> No, I already have root logins disabled via ssh. Now I'd like to get
> something setup that starts blocking ips automatically when it sees a
> certain number of failed logins. Not blocking based on username, but
> blocking based on ip addresses or even mac addresses (since I notice
> iptables is capable of filtering on mac addresses).
Filtering by MAC address is only possible on your local network,
unless you simply wish to block your own isp's routers. I don't think
one should ever be writing firewall rules based on MAC addresses,
unless you are "fixing" something that is broken and can't be fixed
any other way ... the whole point of the higher level abstraction of
tcp/ip is that we don't have to deal with mac addresses.
There's really no reason to be blocking addresses "automatically"
based on certain criteria; it usually doesn't make you any less
vulnerable and complicates things unneccessarily; it's just more
trouble than it's worth..
-- _ _ _ _ _ _ _ _ _ _ _ _ _ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ ( t | i | m | @ | i | t | . | k | p | t | . | c | c ) \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF DC21 2807 D7D3 09CA 85BF -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Noah Durell: "emu10k1x"
- In reply to: Jacob S: "Re: SSH Cracking Attempts"
- Next in thread: Joe: "Re: SSH Cracking Attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
