[Techtalk] 216 ssh login attempts, what to do?
david at aeolia.co.uk
Wed Oct 13 21:59:55 EST 2004
On Wed, 13 Oct 2004, Doc Nielsen wrote:
>> So, is there a quickstart quide to iptables, so I can at least get
>> this person off my logs so to speak?
> the quick way to block someone is not using iptables/netfilter...
> the program to use is already in your system.
> route add -host 188.8.131.52 reject
> where the ip is the scanners addr.
> This method could very well be called a null route.
I think what the OP was looking for (and I would be, too) is something
that will block an IP from which _unexpected_ attempted ssh logins
The above won't do it, because we don't know the attackers IP until it
More information about the Techtalk