Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
mneumann at ntecs.de
Fri Dec 28 03:26:53 PST 2007
Joerg Anslik wrote:
An easy solution to this problem (suggested by a friend of mine) is
simply to run sshd on a port other than 22.
Yeah, I considered this, too, but finally came to the conclusion it's
uncool to do so. :-)
Like I said, there are many different ways and applications out there,
enough for everyone to find the one that fits. But I didn't see any
reason to install Python or whatever, just to have some big
application maintain my /etc/hosts.allow.
Okay, I'm using Ruby for such a script ;-)
It's a little bit different, in that I scan various log files for
"invalid username", "wrong password" or other stuff like that, and after
2 wrong attempts I route the IP into a blackhole ("route -blackhole").
They get unblocked after a few hours, because it's not nice to get
routed to blackhole by accident (that happened a few times myself ;-).
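The approach described in the message above (count failed-login lines per source address, blackhole at the second failure, lift the block after a few hours), as an added Ruby example that is not the poster's script. The sshd message shapes, the 3-hour expiry, the allowlist and the BSD `route add ... -blackhole` argument order are assumptions, and the log lines are constructed.

```ruby
require 'ipaddr'

# Assumed sshd message shapes. Greedy ".*" plus the end anchor makes the capture
# the last address on the line (the one sshd wrote), not text inside a username.
FAILURE = /(?:Invalid user|Failed password for)\b.* from (\S+)(?: port \d+)?(?: ssh2)?\s*\z/

class Blackholer
  def initialize(threshold: 2, block_for: 3 * 3600, allow: [])
    @threshold = threshold
    @block_for = block_for                       # seconds until a block is lifted
    @allow     = allow.map { |net| IPAddr.new(net) }
    @failures  = Hash.new(0)
    @blocked   = {}                              # ip string => Time the block expires
  end

  # Returns the argv to run when this line pushes a source to the threshold, else nil.
  def observe(line, now)
    text = line[FAILURE, 1] or return nil
    addr = parse(text) or return nil             # hostnames and junk are ignored
    ip = addr.to_s                               # never pass raw log text to a command
    return nil if @allow.any? { |net| net.include?(addr) } || @blocked.key?(ip)
    return nil if (@failures[ip] += 1) < @threshold
    @failures.delete(ip)
    @blocked[ip] = now + @block_for
    %W[route add -host #{ip} 127.0.0.1 -blackhole]   # assumed BSD route(8) syntax
  end

  # Returns the argv lists that lift every block whose time is up.
  def expire(now)
    due = @blocked.select { |_, t| t <= now }.keys
    due.map { |ip| @blocked.delete(ip); %W[route delete -host #{ip}] }
  end

  private

  def parse(text)
    IPAddr.new(text)
  rescue IPAddr::Error
    nil
  end
end

# Constructed sample lines; 192.0.2.0/24 stands in for the admin's own network.
SAMPLE = [
  'Dec 28 03:10:01 host sshd[411]: Invalid user admin from 203.0.113.9',
  'Dec 28 03:10:03 host sshd[411]: Failed password for invalid user admin from 203.0.113.9 port 4242 ssh2',
  'Dec 28 03:11:00 host sshd[412]: Invalid user x from 192.0.2.7 from 198.51.100.4',
  'Dec 28 03:11:02 host sshd[412]: Failed password for root from 192.0.2.7 port 5000 ssh2',
  'Dec 28 03:11:03 host sshd[412]: Failed password for root from 192.0.2.7 port 5000 ssh2'
].freeze
```

The methods return argv arrays rather than shell strings, so a caller can hand them to `system(*argv)` without a shell ever parsing log-derived text.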