[Techtalk] 216 ssh login attempts, what to do?

David Sumbler david at aeolia.co.uk
Wed Oct 13 21:59:55 EST 2004

On Wed, 13 Oct 2004, Doc Nielsen wrote:

>> So, is there a quickstart quide to iptables, so I can at least get
>> this person off my logs so to speak?
> the quick way to block someone is not using iptables/netfilter...
> the program to use is already in your system.
> route add -host reject
> where the ip is the scanners addr.
> This method could very well be called a null route.

I think what the OP was looking for (and I would be, too) is something
that will block an IP from which _unexpected_ attempted ssh logins

The above won't do it, because we don't know the attackers IP until it



More information about the Techtalk mailing list