[NTLUG:Discuss] Firewall blacklist monitor
Rev. wRy
slot0k at pogox.org
Wed Apr 21 09:45:08 CDT 2010
On Wed, Apr 21, 2010 at 08:13:20AM -0500, Greg Edwards wrote:
> I've been looking for a firewall blacklist monitoring and management
> tool. I'm looking for something that will monitor activity and
> automatically add and remove addresses from a dynamic blacklist. My
> primary need is to stop ssh login attempts.
There are a few things I normally do to stop ssh login attempts from
unauthorized hosts:
1) have ssh listen on a non-standard port instead of port 22.
2) portsentry to automagically ban hosts that insist on attempting port 22.
3) use /etc/hosts.allow to allow only specific hosts to connect to sshd.
4) disable sshd from listening on ipv6.
RW
(portsentry available at http://sourceforge.net/projects/sentrytools/ )
More information about the Discuss
mailing list