[Firehol-support] sshd

Brian Snipes Brian at hwnn.com
Tue Sep 27 19:45:21 BST 2005


I use swatch - http://gentoo-wiki.com/HOWTO_Protect_SSHD_with_Swatch 
Instead of adding the rules to a dedicated swatch chain, I insert mine into the INPUT chain and I have my logs checked for invalid users. If an unknown username tries to access the server, a rule is automatically inserted to DROP all packets from that IP address and I get an email about it. If a valid username but an invalid password is tried, I get an email about it.
 
Brian 

>>>kick <kick at kick.no-ip.info> 09/27/05 1:32 pm >>>
Does anyone know if I can block individual IPs easily?
I am getting this in my logcheck:

Security Events
=-=-=-=-=-=-=-=
Sep 27 02:42:22 irc-firewall-mail sshd[10855]: Illegal user admin from ::ffff:81.223.254.204
Sep 27 02:42:22 irc-firewall-mail sshd[10857]: Illegal user admin from ::ffff:81.223.254.204
thanx in advance :)
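
A sketch of the log-driven blocking described in the reply above, as an added example that is not part of the original message and is not swatch or FireHOL code. The function names, the allow-list and the last three sample lines are constructed for illustration; the script only builds the `iptables` argument lists and does not run them.

```python
import ipaddress
import re

# Line format as quoted in the message above. The greedy ".*" plus the "$"
# anchor mean only the last token is read as the address, because the
# username part of the line is chosen by the remote client.
LINE_RE = re.compile(r"sshd\[\d+\]: Illegal user .* from (?P<addr>\S+)\s*$")

# Constructed allow-list (assumption): sources that are never auto-blocked.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]

# First two lines are from the message; the rest are constructed test input.
SAMPLE = [
    "Sep 27 02:42:22 irc-firewall-mail sshd[10855]: Illegal user admin from ::ffff:81.223.254.204",
    "Sep 27 02:42:22 irc-firewall-mail sshd[10857]: Illegal user admin from ::ffff:81.223.254.204",
    "Sep 27 02:43:01 irc-firewall-mail sshd[10860]: Illegal user x from 192.0.2.10 from ::ffff:198.51.100.7",
    "Sep 27 02:44:10 irc-firewall-mail sshd[10861]: Illegal user test from 192.0.2.10",
    "Sep 27 02:44:11 irc-firewall-mail sshd[10862]: Illegal user test from UNKNOWN",
]

def offender(line):
    """Return the validated source address of an unknown-user attempt, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # not an address: raw log text never reaches a command
    # A dual-stack sshd reports IPv4 peers as ::ffff:a.b.c.d; unwrap them so
    # the rule lands in the IPv4 table, where the traffic is actually seen.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if any(addr.version == net.version and addr in net for net in NEVER_BLOCK):
        return None
    return addr

def drop_rules(lines):
    """Build one INPUT-chain DROP rule (as an argv list) per distinct address."""
    seen, rules = set(), []
    for line in lines:
        addr = offender(line)
        if addr is None or addr in seen:
            continue
        seen.add(addr)
        tool = "iptables" if addr.version == 4 else "ip6tables"
        rules.append([tool, "-I", "INPUT", "-s", str(addr), "-j", "DROP"])
    return rules

if __name__ == "__main__":
    for rule in drop_rules(SAMPLE):
        print(" ".join(rule))
```

Passing each rule as an argument list to `subprocess.run` rather than through a shell string keeps log content out of command parsing.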






