[CentOS] Paranoid Firewalling
Scot L. Harris
webid at cfl.rr.com
Sat Oct 8 19:44:20 UTC 2005
On Sat, 2005-10-08 at 13:50, Sam Drinkard wrote:
> Looking at that perl script gave me an idea, but yet a question. I
> notice there is a line that says something about "Max Retries". Is that
> something that is configurable somewhere, or can be turned on?
> I know there have been long discussions about blocking the brute force
> attempts at breakins, but at the time I did not see much need for it.
> Not long after that, I started seeing somewhere between 100 and as high
> as 800 attempts to break in via the sshd. Not that I'm too worried
> about someone guessing a password, but in those numbers, it does take
> some bandwidth. I'd like to see something like Max Retries of 3, so if
> someone tries 3 times to guess the password, or different usernames, it
> would throw their IP/hostname into the /etc/hosts.deny file,
> permanently. BSD does things a bit different, in that the hosts.allow
> does both the allows and the denies, making hosts.deny pretty much
> moot. Given those thoughts, what kind of something is available to do
> just that -- the max retries thingy?
Would you not get the same or better results by moving the sshd port to
something other than the default? Would not have to spend any resources
on tracking IP addresses.
More information about the CentOS