Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
Re: [suse-security] Deny IP address's
  • From: Holger Schletz <h.schletz@xxxxxxxxx>
  • Date: Tue, 29 Jul 2003 23:38:32 +0200
  • Message-id: <200307292338.33039.h.schletz@xxxxxxxxx>
Hi,

First of all, blocking specific IP addresses will offer no protection if the
attack came from a public dial-in-ISP where the address may change every
time. Even if the attacker always uses the same IP address (which would be
very unwise) he might try the same stuff from a different location (with a
different address).

But if it helps you sleep better, add a custom iptables rule in
/etc/sysconfig/scripts/SuSEfirewall2-custom and activate this script in the
main config file.

Better protection will be accomplished by explicitly securing the SSH service
(and the other services as well). The default config is fairly secure, but
can possibly be enhanced. For example, disable protocol 1 unless you really
need it.

Good night,
Holger


Am Dienstag, 29. Juli 2003 21:27 schrieb Nigel Gaylard:
> Hi All
>
> I would like to create a list of IP address's that should be denied all
> access to my server. I have currently 2 or 3 people making a deliberate
> effort to hack into my SSH port, and so I would like to deny them access to
> it at firewall level, as well as all other ports. I can't seem to find
> information in the Suse documentation on firewall2.
>
> Many thanks
>
> Nigel Gaylard


< Previous Next >
References