Re: Limit the number of erroneous logins of root from the same IP
Moe Trin <ibuprofin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> So the windoze box wasn't offering SSH, and Linux was?

correct.

> > The ip addresses were all concentrated in one country.

> Which one out of curiosity?

..cn

> country (or even regions). Everyone blames China as a bad guy, so how

In my case, .cn was the bad guy.

> In the firewall - set the default inbound to DROP or REJECT, and then
> add the needed rules to connect those IPs or IP ranges you want to
> give access to. In my case, that boils down to just five total lines.

For me as well. I have one outside IP address that I can log into from
anywhere. That ISP uses a limit of some sort, with a telnet knock to
reopen for a locked address. From that login, I can go to my home
machine, and adjust the allowed list to include my new location, which I
might do for performance reasons, especially if I am running some GUI
remotely. I only allow a couple of subnets, and those have gone away, as
all of the corporate connections seem to come out through one firewall, if
outbound is allowed at all.

> for ways to get the firewall simple and solid.

I got the impression from this thread that hosts.allow was more current.
If not, then I'm happy with the iptables. I only allow port 22, and a port
for a special package, from an even more limited set of IPs.

--
Clarence A Dold - Hidden Valley Lake, CA, USA GPS: 38.8,-122.5
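An added example of the "default inbound DROP, then allow only what you need" ruleset discussed above (not code from this thread or from either poster): a POSIX sh script that checks an allow-list of subnets and prints the matching iptables commands, allowing SSH (tcp/22) only from those sources. The ALLOW_FROM subnets are constructed sample values from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread: build the "default inbound DROP, then allow
# only what you need" ruleset Moe describes. ALLOW_FROM holds constructed sample
# subnets (RFC 5737 documentation ranges); replace them with your own.
# Rules are printed; they are only executed when APPLY=1.

ALLOW_FROM="192.0.2.0/24 198.51.100.7"

# Return 0 if $1 is a.b.c.d or a.b.c.d/nn with octets 0-255 and prefix 0-32.
valid_cidr() {
    addr=${1%/*}
    pfx=${1#*/}
    [ "$pfx" = "$1" ] && pfx=32          # no "/nn" given: treat as a single host
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands for the allow-list in $1 (space-separated CIDRs):
# drop by default, keep loopback and replies to our own connections, and accept
# SSH (tcp/22) only from the listed sources. Fails on a malformed entry.
build_rules() {
    rules="iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $1; do
        valid_cidr "$net" || { echo "bad allow-list entry: $net" >&2; return 1; }
        rules="$rules
iptables -A INPUT -p tcp -s $net --dport 22 -j ACCEPT"
    done
    printf '%s\n' "$rules"
}

main() {
    if [ "${APPLY:-0}" = 1 ]; then
        build_rules "$ALLOW_FROM" | sh -e    # apply for real (needs root)
    else
        build_rules "$ALLOW_FROM"            # dry run: show what would be applied
    fi
}

main
```

With the two sample entries the dry run prints exactly five lines, which is the size of ruleset Moe mentions; add one ACCEPT line per extra subnet.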