Mailing List Archive



[tlug] dropping any IP that tries port 22?



Hi everyone,

I've been using knockd and running sshd on a nonstandard port now for a
while and it's been great. Logfiles are no longer filled up with script
kiddy hack attempts at port 22. However I was thinking I would like to be
more proactive, and instead set something up where anytime somebody hits
port 22 on my server it automatically bans them. The thinking behind this
is if they are knocking where they shouldn't, they are probably up to no
good.

I was thinking of running some other service on port 22 that would simply
write the IP address of anything that pinged it or whatever to a logfile,
then have fail2ban scan that logfile and ban all the IPs within
indefinitely.

Anybody have any thoughts on what I could run that could create this kind
of logfile? Maybe this could be done with snort?

Cheers,
Scott VanDusen
Tokyo
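
The logging service described in the message above, as an added example that is not part of the original post: a listener that accepts TCP connections and appends each source address to a logfile a log scanner such as fail2ban could watch. The `port22-trap` tag, the `TRAP_LOG` path and all function names are assumptions made for this example.

```python
"""Port-22 trap: log the source address of every completed TCP connection."""
import re
import socketserver
import sys
from datetime import datetime, timezone

TRAP_LOG = "port22-trap.log"  # hypothetical path; the log scanner watches this file

# Pattern for the lines written below. A fail2ban filter would match the same
# message text, using its <HOST> tag where this pattern captures the address.
LINE_RE = re.compile(
    r"^\S+ port22-trap: connection from (?P<host>[0-9A-Fa-f:.]+) port \d+$"
)


def format_log_line(ip, port, when=None):
    """Build one log line with a UTC timestamp."""
    when = when or datetime.now(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{stamp} port22-trap: connection from {ip} port {port}"


def extract_host(line):
    """Return the logged source address, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.group("host") if m else None


class TrapHandler(socketserver.BaseRequestHandler):
    def handle(self):
        # Only completed handshakes reach this point, so the peer really
        # holds the logged address (a bare spoofed SYN never gets here).
        ip, port = self.client_address[:2]
        with open(self.server.log_path, "a", encoding="utf-8") as log:
            log.write(format_log_line(ip, port) + "\n")
        # Nothing is read or sent; the socket closes when handle() returns.


class TrapServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True


def make_server(host="0.0.0.0", port=22, log_path=TRAP_LOG):
    """Create the listener; binding port 22 needs root or CAP_NET_BIND_SERVICE."""
    server = TrapServer((host, port), TrapHandler)
    server.log_path = log_path
    return server


if __name__ == "__main__":
    make_server(port=int(sys.argv[1]) if len(sys.argv) > 1 else 22).serve_forever()
```

Scans that never complete the handshake are not logged by this listener. Exclude your own addresses in fail2ban (its `ignoreip` setting) before banning on this log, since one mistyped port from a trusted host would otherwise lock it out.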


