On 8-10-2010 3:08 PM Keith Roberts spake the following:
On Tue, 10 Aug 2010, John R Pierce wrote:
To: CentOS mailing list <centos@centos.org>; From: John R Pierce <pierce@hogranch.com>; Subject: Re: [CentOS] Iptables questions
On 08/10/10 1:30 PM, Bob Hoffman wrote:
- I have switched my SSH to a different port. I would like to still check for anyone trying to hit the old port 22 and log them. At the same time add them to a reject/ban for a certain period of time, let's say 1 day.
If nothing is listening on that port, then what's to 'ban'?
I think what Bob wants to do is to move his sshd to another non-standard port, and leave port 22 open. Then see what's trying to access that. I guess you could run another 'dummy-sshd' type program to listen on port 22, in place of the real sshd, and then log all incoming packets on that port?
IIRC sshd logs all connection attempts anyway?
IPtables can log packets coming in to any particular port. I don't think the port needs to be open for IPtables to log a packet headed for that particular port?
I log ALL packets coming into my firewall, and then purge the logs with a cron job every 24 hours.
Kind Regards,
Keith Roberts
A tarpit would be good on there... Answer the port and just trickle back the handshake to keep the client waiting for a long time.