[TriLUG] Iptables question
Mark Fowle
mark at thefowles.com
Sun Mar 17 23:05:46 EST 2002
Thanks Jon, I will set up a script. It looks like the hack attempts are
from the same country .fr and .nl every other night - they average
about 25-50 attempts and then stop...
Thanks,
Mark
Jon Carnes wrote:
> NBD - I do this all the time.
>
> Set up a script to monitor your logs and if there are 3 bad attempts in the
> past minute, activate an iptables or ipchains rule blocking the site. Have
> the script activated via cron every minute. (or simply have it scan your
> logs continuously)
>
> You might also want to record the bad site and time info into a separate log
> and drop your ban after 10 minutes or after the site stops trying to attach
> to your site.
>
> Good Luck - Jon Carnes
> --- Original Message: Sunday 17 March 2002 09:12 am ---
>
>>Is there a way to set up a rule that says, if I can more than X number of
>>failed attempts from an inbound IP, to have the system set up a rule
>>that will block that IP?
>>
>>IE: if 62.45.93.116 makes more than 3 attempts - the system will block
>>62.45.93.0/0 from reaching the system?
>>
>>Thanks,
>>Mark
>>
>>_______________________________________________
>>TriLUG mailing list
>> http://www.trilug.org/mailman/listinfo/trilug
>>TriLUG Organizational FAQ:
>> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>>
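The approach Jon describes in the quoted reply (3 bad attempts in the past minute, block the source, drop the ban after 10 minutes), as an added example that is not part of the original thread. It assumes syslog-style sshd failure lines, since the thread names no service; `plan_rules`, the sample lines and their documentation-range addresses are constructed for illustration, and the iptables commands are returned as strings rather than run.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: syslog-style sshd failures. Anchoring on the end of the line
# takes the address sshd wrote, not one a client smuggled into the username field.
FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for .* from (\S+) port \d+(?: ssh2)?$")
THRESHOLD = 3                      # bad attempts ...
WINDOW = timedelta(minutes=1)      # ... within the past minute
BAN_TIME = timedelta(minutes=10)   # drop the ban after 10 minutes

SAMPLE = [  # constructed log lines; the third carries a forged "from" in the username
    "Mar 17 03:12:01 gw sshd[411]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "Mar 17 03:12:20 gw sshd[412]: Failed password for root from 203.0.113.5 port 4002 ssh2",
    "Mar 17 03:12:25 gw sshd[413]: Failed password for a from 192.0.2.9 port 22 ssh2 from 198.51.100.7 port 4100 ssh2",
    "Mar 17 03:12:40 gw sshd[414]: Failed password for root from 203.0.113.5 port 4003 ssh2",
]

def plan_rules(lines, now, bans=None, year=2002):
    """One cron run at `now` over the log lines added since the last run.
    `bans` maps address -> time it was blocked. Returns (commands, bans)."""
    bans = dict(bans or {})
    commands = []
    for ip, since in sorted(bans.items()):      # lift bans older than BAN_TIME
        if now - since >= BAN_TIME:
            commands.append(f"iptables -D INPUT -s {ip} -j DROP")
            del bans[ip]
    recent = defaultdict(deque)                 # address -> failure times inside WINDOW
    for line in lines:
        m = FAIL_RE.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue                            # not an address: never reaches a command
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:            # forget failures older than a minute
            hits.popleft()
        if len(hits) >= THRESHOLD and ip not in bans:
            bans[ip] = ts
            commands.append(f"iptables -I INPUT -s {ip} -j DROP")
    return commands, bans
```

In a cron job the `bans` mapping would be saved between runs (the separate log Jon mentions) and each returned command passed to the shell.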