-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2008-11-22 at 09:49 -0000, Bob Williams wrote:
On Saturday 22 November 2008 08:43:14 Carlos E. R. wrote:
On Saturday, 2008-11-22 at 00:52 -0600, David C. Rankin wrote:
What is that automated Block??? package that updates your hosts.deny file if you have x attempts in y minutes from an IP?
You can use the automated block mechanism included in susefirewall. Simply activate it.
Carlos, can you give chapter & verse on where to find the automated block mechanism, please? It's early morning and I'm not feeling very clever :(
:-) Not that well know, I see. It is "FW_SERVICES_ACCEPT_EXT" in /etc/sysconfig/SuSEfirewall2. It will block repeated attempts to connect from the same IP to a port you list there, in a given interval. Like: FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh" Beware: you should not open port 22 in FW_SERVICES_EXT_* or FW_TRUSTED_NETS, because they take precedence. This method is fast and low on CPU ussage. But it accts on any attempt, regardless if it succeeds or not; I don't know how long they are blocked. The bandits will not get any message, I think.
I've also been getting the attacks that David describes, mostly from addresses in China, but once from Brazil. But maybe they've been spoofed?
I only see attempts on 135 and 445. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkn65oACgkQtTMYHG2NR9XjcACfTDn6Jn10fK1M092gQa0WnK96 6mYAnjbDKaJ/EPzgbCNxQEnmf8xN307y =8SQO -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org