Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)

Michael Neumann mneumann at ntecs.de
Fri Dec 28 03:26:53 PST 2007


Joerg Anslik wrote:
> Hmm,
>
>> An easy solution to this problem (suggested by a friend of mine) is
>> simply to run sshd on a port other than 22.
>
> Yeah, I considered this, too, but finally came to the conclusion it's
> uncool to do so. :-)
> Like I said, there are many different ways and applications out there,
> enough for everyone to find the one that fits. But I didn't see any
> reason to install Python or whatever, just to have some big
> application maintain my /etc/hosts.allow.

Okay, I'm using Ruby for such a script ;-)
It's a little bit different, in that I scan various log files for 
"invalid username", "wrong password" or other stuff like that, and after 
2 wrong attempts I route the IP into a blackhole ("route -blackhole").
They get unblocked after a few hours, because it's not nice to get 
routed to blackhole by accident (that happened a few times myself ;-).

Regards,

  Michael
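
The log-scan-and-blackhole approach described in this message, as an added Ruby example; it is not Michael's script, which the post does not show. The sshd message wording, the 3-hour block time, the allowlist and the exact `route` arguments are assumptions, and the log lines are constructed.

```ruby
require "time"
require "ipaddr"

THRESHOLD  = 2                             # failed attempts before blocking (from the post)
BLOCK_SECS = 3 * 3600                      # "a few hours"; the exact value is an assumption
ALLOW      = [IPAddr.new("192.0.2.0/24")]  # constructed admin range that is never blocked

# Assumed OpenSSH syslog wording. "Failed password for invalid user" is skipped because
# the same attempt already logged "Invalid user". The match is anchored at the end of
# the line and the user part is greedy, so text inside a username cannot be read as
# the source address.
FAIL_RE = /\A(\S+) \S+ sshd\[\d+\]: (?:Invalid user|Failed password for(?! invalid user)) .* from (\S+?)(?: port \d+(?: ssh2)?)?\s*\z/

# Constructed sample log (ISO timestamps, RFC 5737 documentation addresses).
SAMPLE_LOG = <<~LOG
  2007-12-28T03:00:01Z gw sshd[311]: Invalid user admin from 203.0.113.5
  2007-12-28T03:00:02Z gw sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
  2007-12-28T03:00:09Z gw sshd[312]: Failed password for root from 203.0.113.5 port 4243 ssh2
  2007-12-28T03:01:00Z gw sshd[313]: Failed password for mike from 192.0.2.10 port 5000 ssh2
  2007-12-28T03:01:05Z gw sshd[314]: Failed password for mike from 192.0.2.10 port 5001 ssh2
  2007-12-28T03:02:00Z gw sshd[315]: Invalid user x from 192.0.2.10 from 198.51.100.7
LOG

# Returns [[Time, ip_string], ...] for failed logins from addresses outside ALLOW.
def parse_failures(log)
  log.each_line.filter_map do |line|
    m = FAIL_RE.match(line)
    next unless m
    ip = IPAddr.new(m[2]) rescue nil       # ignore hostnames and garbage
    next if ip.nil? || ALLOW.any? { |net| net.include?(ip) }
    [Time.iso8601(m[1]), ip.to_s]
  end
end

# Returns {ip => unblock Time}; the block starts at the THRESHOLD-th failure.
def blocks(failures)
  failures.group_by(&:last).filter_map { |ip, hits|
    [ip, hits.map(&:first).sort[THRESHOLD - 1] + BLOCK_SECS] if hits.size >= THRESHOLD
  }.to_h
end

# BSD route(8) command lines to apply at time `now`; printed here, not executed.
def route_commands(blocks, now)
  blocks.map do |ip, until_t|
    now < until_t ? "route add -host #{ip} 127.0.0.1 -blackhole" : "route delete -host #{ip}"
  end
end

puts route_commands(blocks(parse_failures(SAMPLE_LOG)), Time.iso8601("2007-12-28T04:00:00Z"))
```

The allowlist is what keeps an administrator's own mistyped password from producing the accidental self-block mentioned above.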




