[CentOS] Simple way to banish IP addresses ?

Fri Oct 9 20:11:10 UTC 2009
Keith Keller <kkeller at speakeasy.net>

On Fri, Oct 09, 2009 at 08:35:25PM +0200, Niki Kovacs wrote:
> 
> I just set up a web server... and my bandwidth is being eaten by some 
> Chinese folks trying to brute-force-ssh their way into the machine.
> 
> Is there a simple way to banish either single IP addresses or, maybe 
> even better, whole IP classes? I know it's feasible with iptables, but 
> is there something more easily configurable?

I also use denyhosts.  The memory footprint is not quite so bad for one
host; mine is currently using 13m of resident memory, and a total of 92m
of shared memory (from top).  But I do see running hundreds of denyhosts
processes could be a memory issue; perhaps it could be hacked to run on
the main host and propagate its entries to the virtual hosts.

Anyway, the main issue with denyhosts, and even iptables, is that the
traffic still comes over your line.  If you have a slow link, the
attacks are still going to eat your bandwidth, which can be frustrating.
Apart from getting your ISP to block them at the other end, I don't know
a good solution to this problem.  (It is alleviated somewhat if the
attackers realize they've been blocked and move on, so an iptables
solution might be a bit better.)

--keith

-- 
kkeller at speakeasy.net
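
Added example, not part of the original message or of denyhosts: a log-driven block list in the spirit of the thread, turning repeated sshd password failures into iptables DROP rules for single addresses or, when several offenders share a network, the whole /24. The log lines are constructed, and the function names, thresholds and the OpenSSH "Failed password" line format are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sshd log lines (documentation address ranges, made-up host and PIDs).
SAMPLE_LOG = """\
Oct  9 20:01:02 web sshd[2101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Oct  9 20:01:04 web sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Oct  9 20:01:07 web sshd[2105]: Failed password for root from 203.0.113.5 port 40141 ssh2
Oct  9 20:01:09 web sshd[2107]: Failed password for invalid user test from 203.0.113.77 port 51200 ssh2
Oct  9 20:01:11 web sshd[2109]: Failed password for root from 203.0.113.77 port 51212 ssh2
Oct  9 20:01:13 web sshd[2111]: Failed password for root from 203.0.113.77 port 51220 ssh2
Oct  9 20:02:00 web sshd[2120]: Failed password for niki from 192.0.2.10 port 60000 ssh2
Oct  9 20:02:05 web sshd[2121]: Accepted password for niki from 192.0.2.10 port 60001 ssh2
Oct  9 20:03:00 web sshd[2130]: Failed password for root from 198.51.100.9 port 33000 ssh2
Oct  9 20:03:02 web sshd[2132]: Failed password for root from 198.51.100.9 port 33010 ssh2
Oct  9 20:03:04 web sshd[2134]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.9 port 33020 ssh2
"""

# Greedy ".*" plus the "$" anchor take the address from the end of the line,
# which sshd writes, not from a user name crafted to contain " from <ip> port".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$",
    re.M)

def offenders(log_text, max_failures=3):
    """IPv4 sources with at least max_failures failed password logins."""
    counts = Counter(m.group(1) for m in FAILED.finditer(log_text))
    return sorted(ipaddress.ip_address(ip) for ip, n in counts.items() if n >= max_failures)

def block_list(ips, hosts_per_net=2, prefix=24):
    """Block a whole /prefix once hosts_per_net offenders share it, else single hosts."""
    nets = defaultdict(list)
    for ip in ips:
        nets[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].append(ip)
    out = []
    for net, members in sorted(nets.items()):
        if len(members) >= hosts_per_net:
            out.append(net)
        else:
            out.extend(ipaddress.ip_network(f"{m}/32") for m in members)
    return out

def iptables_rules(networks):
    """Render DROP rules for inbound SSH as text for review; nothing is executed."""
    return [f"iptables -I INPUT -s {n} -p tcp --dport 22 -j DROP" for n in networks]

if __name__ == "__main__":
    print("\n".join(iptables_rules(block_list(offenders(SAMPLE_LOG)))))
```

The last sample line carries a user name built to look like a failure from 192.0.2.10; because the pattern reads the address from the end of the line, that address is not counted and cannot be pushed over the threshold by someone else's login attempts.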
