Nigel Gaylard wrote:
Hi All
I would like to create a list of IP address's that should be denied all access to my server. I have currently 2 or 3 people making a deliberate effort to hack into my SSH port, and so I would like to deny them access to it at firewall level, as well as all other ports. I can't seem to find information in the Suse documentation on firewall2.
This is probably pretty late now, but in addition to the actions on the firewall, I would consider putting up a honeypot. I would move the actual machine to another IP-address and give the address under attac to the honeypot. Monitor carefully and you might fool them. Also, if you have IP-Addresses, you can look up the owners. You might contact those (via e-mail or regular mail). That way you would actually do something against the attackers, instead of 'only' trying to keep them out. My 0,02 Euro, Stefan