[plug] Unwanted knocking

Stuart Midgley stuart.midgley at ivec.org
Thu Jan 19 09:24:20 WST 2006


a modification of

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --rsource -j LOG --log-prefix "SSH_brute_force"
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --rsource -j DROP


for iptables is good.  Just need to change port.

Stu.


On 19/01/2006, at 9:17, skribe wrote:

> Hey folks:
>
> I've had 125.234.250.153 knocking at my port 53 all night.   
> Suggestions?
>
> skribe
> -- 
> When the going gets tough, the tough go shopping.
>
> Xaraya Content Management Solutions http://www.xaraya.com/


--
Dr Stuart Midgley
Industry Uptake Program Leader
iVEC, 'The hub of advanced computing in Western Australia'
26 Dick Perry Avenue, Technology Park
Kensington WA 6151
Australia

Phone: +61 8 6436 8545
Fax: +61 8 6436 8555
Email: industry at ivec.org
WWW:  http://www.ivec.org
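
Added example, not part of the original post: a way to check what the LOG rule above is catching, by counting logged packets per source address and destination port. The log lines are constructed samples in the usual kernel LOG layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count packets logged by the LOG rule, per source and port.
# LOG writes --log-prefix verbatim, so "SSH_brute_force" (no trailing space)
# is glued to the first field and appears as "SSH_brute_forceIN=eth0".
PREFIX="SSH_brute_force"

# Constructed sample syslog lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Jan 19 09:20:01 fw kernel: SSH_brute_forceIN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 19 09:20:05 fw sshd[2211]: Failed password for root from 192.0.2.10 port 40113 ssh2
Jan 19 09:20:09 fw kernel: SSH_brute_forceIN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40114 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 19 09:20:30 fw kernel: SSH_brute_forceIN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.77 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9001 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 19 09:20:41 fw kernel: SSH_brute_forceIN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4713 DF PROTO=TCP SPT=40115 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 19 09:21:30 fw kernel: OTHER_RULE IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=77 DF PROTO=TCP SPT=33000 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Hypothetical helper: reads syslog on stdin and prints "count source dport",
# busiest first, only for lines written by the rule that uses $PREFIX.
tally_logged() {
    grep -F "${PREFIX}IN=" |
    sed -n 's/.* SRC=\([^ ]*\) .* DPT=\([0-9][0-9]*\) .*/\1 \2/p' |
    sort | uniq -c | sort -rn | awk '{print $1, $2, $3}'
}

sample_log | tally_logged
```

On a live host, pipe the file your syslog writes kernel messages to into tally_logged instead of sample_log.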





