[H-GEN] iptables autoblocking
Anthony Irwin
irwa82 at yahoo.com
Wed Jul 20 03:10:36 EDT 2005
Hi everyone,
I have been looking through my logs and noticed that
over the last month I have had a large number of
different ip addresses trying to login to my system
via ssh with generated user names.
I was wondering if there is a way I could easily write
a script that automatically added invalid user login
attempts via ssh to be blocked in iptables and added
to a block list.
below is a sample of my /var/log/auth.log file.
Jul 20 10:30:41 localhost sshd[31205]: Illegal user
test from 210.53.138.21
Jul 20 10:30:44 localhost sshd[31207]: Illegal user
test from 210.53.138.21
Jul 20 10:30:47 localhost sshd[31209]: Illegal user
guest from 210.53.138.21
Jul 20 10:30:50 localhost sshd[31211]: Illegal user
guest from 210.53.138.21
Jul 20 10:31:00 localhost sshd[31217]: Illegal user
daniel from 210.53.138.21
Jul 20 10:31:06 localhost sshd[31221]: Illegal user
admin from 210.53.138.21
Jul 20 10:31:10 localhost sshd[31223]: Illegal user
admin from 210.53.138.21
I would really like to be able to automatically block
such attacks. I have thought about limiting ssh to
certain ip addresses but would prefer to leave it open
so I can login from anywhere.
Any suggestions would be apreciated.
Kind Regards,
Anthony Irwin
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the General
mailing list