[plug] Unwanted knocking
Stuart Midgley
stuart.midgley at ivec.org
Thu Jan 19 09:24:20 WST 2006
a modification of
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -
m recent --set --name SSH --rsource
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -
m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --
rsource -j LOG --log-prefix "SSH_brute_force"
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -
m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --
rsource -j DROP
for iptables is good. Just need to change port.
Stu.
On 19/01/2006, at 9:17, skribe wrote:
> Hey folks:
>
> I've had 125.234.250.153 knocking at my port 53 all night.
> Suggestions?
>
> skribe
> --
> When the going gets tough, the tough go shopping.
>
> Xaraya Content Management Solutions http://www.xaraya.com/
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
--
Dr Stuart Midgley
Industry Uptake Program Leader
iVEC, 'The hub of advanced computing in Western Australia'
26 Dick Perry Avenue, Technology Park
Kensington WA 6151
Australia
Phone: +61 8 6436 8545
Fax: +61 8 6436 8555
Email: industry at ivec.org
WWW: http://www.ivec.org
More information about the plug
mailing list