* Danesh Daroui <Danesh.D@bredband.net> [07-01-08 19:24]:
I set up an SSH server a few weeks ago. During these weeks my server has been under very, very intensive brute-force attacks (I have no idea how these bastards found my address). I would like to:
1. Disable ping. (I actually have added a rule to iptables to drop all ping packets, but it still responds to it!)
Yast2 -> sysconfig editor -> Firewall -> SuSEfirewall2 ->
  FW_ALLOW_PING_FW
  FW_ALLOW_PING_DMZ
  FW_ALLOW_PING_EXT
2. Ban some known IP addresses, namely those which have already been used for attacks.
3. Ban an IP address which tries to log in with a wrong username or password more than three times.
edit /etc/sysconfig/SuSEfirewall2
  FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

then in /etc/sysconfig/scripts/SuSEfirewall2-custom
at: fw_custom_after_antispoofing()
  iptables -I INPUT 1 -s <ip-address>/24 -j DROP

w/o the gt/lt brackets.
Any help will be appreciated. I would also like to know whether using iptables is the only way to perform these tasks or whether there are other ways to do so. I am using a P4 PC with one network card and OpenSuSE 10.3 installed.
look at packages, fail2ban and DenyHosts

--
Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711
http://wahoo.no-ip.org        Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535                    @ http://counter.li.org
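
An added example, not part of either message: a shell sketch of item 3 that counts failed sshd password attempts per source address and prints a DROP rule for each address over the threshold. The log lines, the host name p4box and the function names are constructed for illustration, and the parsing assumes the usual syslog form of OpenSSH's "Failed password" messages.

```shell
#!/bin/sh
# Added example: list source addresses with more than MAX failed sshd
# password attempts and print (not run) a DROP rule for each one.
MAX=3   # threshold from the question: more than three failures

# Constructed sample log lines (documentation addresses, not real hosts).
sample_log() {
cat <<'EOF'
Jan  8 19:01:01 p4box sshd[2201]: Failed password for root from 203.0.113.7 port 41001 ssh2
Jan  8 19:01:03 p4box sshd[2201]: Failed password for root from 203.0.113.7 port 41002 ssh2
Jan  8 19:01:05 p4box sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 41003 ssh2
Jan  8 19:01:07 p4box sshd[2204]: Failed password for invalid user test from 203.0.113.7 port 41004 ssh2
Jan  8 19:02:10 p4box sshd[2210]: Failed password for danesh from 192.0.2.10 port 50000 ssh2
Jan  8 19:02:15 p4box sshd[2211]: Accepted password for danesh from 192.0.2.10 port 50001 ssh2
Jan  8 19:03:00 p4box sshd[2220]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.4 port 60001 ssh2
EOF
}

# Reads syslog lines on stdin and prints "count address" per offender.
# The address comes from the fixed tail "from ADDR port N ssh2"; the user
# name earlier in the line is untrusted text and is never parsed, so the
# last sample line counts against 198.51.100.4, not 192.0.2.10.
offenders() {
    awk -v max="$MAX" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] > max) print n[ip], ip }
    ' | sort -k2
}

# Prints one rule per offender in the form used in the reply above, for
# the single host rather than a /24. Nothing is executed here.
ban_rules() {
    offenders | while read -r count ip; do
        printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$ip"
    done
}

sample_log | ban_rules
```

The sketch counts over the whole input with no time window or ban expiry; fail2ban and DenyHosts, the packages named in the reply, automate the same count-and-ban cycle.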