[NTLUG:Discuss] IP Ranges to block
Rev. wRy
slot0k at pogox.org
Mon Jan 26 15:09:05 CST 2009
On Mon, 2009-01-26 at 14:50 -0600, Rodney Loos wrote:
> I don't know if it is practical for you depending on where you need SSH
> access from, but I took the approach of adding a separate firewall rule
> prior to accepting incoming SSH attempts -- I add networks I know I might
> connect from (home, work, sprint phone, family members' home ip range etc)
> and if the incoming IP is NOT from that range, just DROP it. It takes a
> little work keeping up with changing IP assignments, but it has sure helped
> preventing all those login-attempts from hackers.
Or do it real time with portsentry and have ssh listen on a non-standard
port, such as 22222. They try to connect to ssh, and portsentry
automagically adds them to hosts.deny and iptables.
R
More information about the Discuss
mailing list