[CentOS] Iptables questions

Tue Aug 10 22:30:34 UTC 2010
Scott Silva <ssilva at sgvwater.com>

on 8-10-2010 3:08 PM Keith Roberts spake the following:
> On Tue, 10 Aug 2010, John R Pierce wrote:
> 
>> To: CentOS mailing list <centos at centos.org>
>> From: John R Pierce <pierce at hogranch.com>
>> Subject: Re: [CentOS] Iptables questions
>>
>>  On 08/10/10 1:30 PM, Bob Hoffman wrote:
>>> 1) I have switched my SSH to a different port. I would like to still check
>>> for anyone trying to hit the old port 22 and log them. At the same time add
>>> them to a reject/ban for a certain period of time, let's say 1 day.
>>
>> If nothing is listening on that port, then what's to 'ban'?
> 
> I think what Bob wants to do is to move his sshd to another 
> non-standard port, and leave port 22 open. Then see what's 
> trying to access that. I guess you could run another 
> 'dummy-sshd' type program to listen on port 22, in place of 
> the real sshd, and then log all incoming packets on that 
> port?
> 
> IIRC sshd logs all connection attempts anyway?
> 
> IPtables can log packets coming in to any particular port. I 
> don't think the port needs to be open for IPtables to log a 
> packet headed for that particular port?
> 
> I log ALL packets coming into my firewall, and then purge the 
> logs with a cron job every 24 hours.
> 
> Kind Regards,
> 
> Keith Roberts
A tarpit would be good on there... Answer the port and just trickle back the
handshake to keep the client waiting for a long time.
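An added example, not code from any of the posters: one way to do what Bob asked for with stock iptables on the firewall host, using the `recent` match to log hits on the old port and drop all traffic from that source for a day, plus a small summary over the resulting kernel log lines (the sample log lines are constructed). The chain name OLDSSH, the list name, the script's variables and the admin address 192.0.2.10 are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example for this thread (not code from any poster): log connection
# attempts on the old ssh port and drop everything from that source for a
# day, using the iptables `recent` match. Chain name, list name, variables
# and the admin address are assumptions chosen for this example.
IPT="${IPT:-/sbin/iptables}"
OLD_PORT="${OLD_PORT:-22}"               # port sshd no longer listens on
BAN_SECONDS="${BAN_SECONDS:-86400}"      # 1 day, as asked in the thread
LIST="oldssh"                            # name of the `recent` address list
ADMIN_NET="${ADMIN_NET:-192.0.2.10/32}"  # constructed: your own admin host, never banned

# Emit the rule set, one iptables invocation per line, so it can be reviewed
# before it is run. Order matters: the admin exemption goes first; the ban
# check second, so a banned host never reaches the rule that would re-stamp
# it and the ban runs BAN_SECONDS from the first hit; the port jump third,
# ahead of any ACCEPT rule that would otherwise shadow it.
old_ssh_rules() {
    cat <<EOF
$IPT -N OLDSSH
$IPT -A OLDSSH -m recent --name $LIST --set
$IPT -A OLDSSH -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "OLDSSH$OLD_PORT: " --log-level info
$IPT -A OLDSSH -j DROP
$IPT -I INPUT 1 -s $ADMIN_NET -j ACCEPT
$IPT -I INPUT 2 -m recent --name $LIST --rcheck --seconds $BAN_SECONDS -j DROP
$IPT -I INPUT 3 -p tcp --dport $OLD_PORT -j OLDSSH
EOF
}

# Summarise the LOG lines the rule set writes to /var/log/messages:
# hits per source address, busiest first. Reads the log on stdin.
top_sources() {
    sed -n 's/.*OLDSSH[0-9]*: .*SRC=\([0-9.]*\) .*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample of the kernel log lines the LOG rule produces (the
# unrelated sshd line shows that non-matching lines are ignored).
SAMPLE_LOG='Aug 10 22:31:02 gw kernel: OLDSSH22: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40122 DPT=22 SYN
Aug 10 22:31:03 gw kernel: OLDSSH22: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40123 DPT=22 SYN
Aug 10 22:31:09 gw kernel: OLDSSH22: IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51000 DPT=22 SYN
Aug 10 22:31:10 gw kernel: OLDSSH22: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40124 DPT=22 SYN
Aug 10 22:31:11 gw sshd[2211]: Accepted publickey for bob from 192.0.2.10 port 50000 ssh2'

case "${1:-show}" in
    apply)  old_ssh_rules | sh -e ;;   # run as root to install the rules
    report) top_sources ;;             # grep OLDSSH /var/log/messages | ./oldssh.sh report
    *)      old_ssh_rules; echo; echo "$SAMPLE_LOG" | top_sources ;;
esac
```

Two caveats before relying on this. The `recent` list holds 100 addresses by default (module parameter `ip_list_tot`), so under a wide scan old entries are evicted early. And because a single SYN is enough to get its source address banned, anyone who can spoof a SYN from an address you care about can lock that address out for a day; the explicit exemption for your own admin host is there for that reason, and the ban should never cover addresses you cannot afford to lose. The TARPIT target Scott mentions is not part of stock iptables; it comes from xtables-addons.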