[Techtalk] 216 ssh login attempts, what to do?
David Sumbler
david at aeolia.co.uk
Wed Oct 13 21:59:55 EST 2004
On Wed, 13 Oct 2004, Doc Nielsen wrote:
>> So, is there a quickstart quide to iptables, so I can at least get
>> this person off my logs so to speak?
>
> the quick way to block someone is not using iptables/netfilter...
> the program to use is already in your system.
>
> route add -host 202.222.202.222 reject
>
> where the ip is the scanners addr.
> This method could very well be called a null route.
I think what the OP was looking for (and I would be, too) is something
that will block an IP from which _unexpected_ attempted ssh logins
come.
The above won't do it, because we don't know the attackers IP until it
happens!
David
--
More information about the Techtalk
mailing list