[CentOS] SSH attacks from china

Fri Jul 24 11:00:45 UTC 2009
Eduardo Silvestre <eduardo.silvestre at nfsi.pt>

I'm using ssh port knocking.


Eduardo Silvestre
nfsi telecom, lda.

eduardo.silvestre at nfsi.pt
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301

----- Original Message -----
From: "Andreas Rehmer" <rehmer at teltarif.de>
To: "CentOS mailing list" <centos at centos.org>
Sent: Sexta-feira, 24 de Julho de 2009 12H04m GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: [CentOS] SSH attacks from china


i am using the following way to dissallow ssh connects without having the 
Problem of specific IPs or something else.

Before you get access to the machine you must visit a webpage protected by 
httpauth. This start a small script that put the Remote Adress into a 
list. Only if your ip is on the list and not older than 5 min. you gain 
access via ssh.

For this i used only iptables the Skript and apache.
The only Problem is when the httpd hangs on.

If you want more Information write me.

Reg. Rehmer

rehmer at teltarif.de
CentOS mailing list
CentOS at centos.org