| Linode Forum https://forum.linode.com/ |
|
| New entry for deny hosts, action needed? https://forum.linode.com/viewtopic.php?f=19&t=7697 |
Page 2 of 2 |
| Author: | Azathoth [ Thu Sep 08, 2011 9:01 pm ] |
| Post subject: | |
I like to move SSH to a higher port, and then use fail2ban to blast anything that touches port 22 for good 24 hours. Of course, any failed auth attempt to the real SSH port gets blasted too (using pubkey of course). |
|
| Author: | Ericson578 [ Fri Sep 09, 2011 12:18 pm ] |
| Post subject: | sharing is caring |
Azathoth wrote: I like to move SSH to a higher port, and then use fail2ban to blast anything that touches port 22 for good 24 hours. Of course, any failed auth attempt to the real SSH port gets blasted too (using pubkey of course).
Care to share your config options to accomplish that? Would save me a little google-fu |
|
| Author: | Azathoth [ Fri Sep 09, 2011 5:28 pm ] |
| Post subject: | |
Firewall (iptables):
Code: ...
fail2ban filter:
Code: [Definition]
fail2ban jail config:
Code: [ssh-22]
What I'll probably do though is to put the iptables log at the end of the valid input chain and not assigned to any port, so that I can ban anything that touches any port other than active enabled services. IMHO this should break any portscan attempt assuming they start at lower ports and work upwards. |
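Added example, not part of the original thread and not Azathoth's configuration: a Python version of the matching a fail2ban filter would do over iptables LOG lines for port 22, with a 24-hour ban per source. The log prefix `SSH22: `, the sample log lines, the allowlist and the function name `compute_bans` are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed kernel log lines, shaped like the output of an iptables LOG
# rule using the hypothetical prefix "SSH22: " (not taken from the thread).
SAMPLE_LOG = """\
Sep  9 17:01:02 host kernel: SSH22: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22 SYN
Sep  9 17:01:05 host kernel: SSH22: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51514 DPT=22 SYN
Sep  9 17:02:10 host kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=4000 DPT=80 SYN
Sep  9 17:03:00 host kernel: SSH22: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22 SYN
Sep  9 17:04:30 host kernel: SSH22: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=50022 DPT=22 SYN
"""

# Match only lines carrying the LOG prefix and destination port 22 exactly
# (the trailing \b keeps DPT=2222 from matching).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[[^\]]*\] )?"
    r"SSH22: .*?\bSRC=(?P<src>\S+) .*?\bDPT=22\b"
)
BAN_TIME = timedelta(hours=24)
# Hypothetical allowlist of networks that must never be banned.
ALLOWLIST = [ip_network("192.0.2.0/24")]


def compute_bans(log_text, year, allowlist=ALLOWLIST):
    """Return {source_ip: ban_expiry} for every source that touched port 22.

    Syslog timestamps carry no year, so the caller supplies it. A touch
    from a source whose ban is still active is skipped (assumption: the
    firewall already drops it), so the expiry counts from the first touch.
    """
    bans = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m is None:
            continue
        try:
            src = ip_address(m["src"])
        except ValueError:
            continue  # malformed SRC field: ignore rather than ban garbage
        if any(src in net for net in allowlist):
            continue
        seen = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if str(src) in bans and seen < bans[str(src)]:
            continue
        bans[str(src)] = seen + BAN_TIME
    return bans
```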
|
| Author: | mnordhoff [ Fri Sep 09, 2011 5:47 pm ] |
| Post subject: | |
If you're busy banning port scans, I hope you don't run an IRC client... |
|
| Author: | Ericson578 [ Fri Sep 09, 2011 6:02 pm ] |
| Post subject: | |
I don't run irc, but that reminds me I wanted to implement a web based chat at some point, thanks |
|
| All times are UTC-04:00 |
|