on 8-10-2010 3:08 PM Keith Roberts spake the following:
> On Tue, 10 Aug 2010, John R Pierce wrote:
>
>> To: CentOS mailing list <centos at centos.org>
>> From: John R Pierce <pierce at hogranch.com>
>> Subject: Re: [CentOS] Iptables questions
>>
>> On 08/10/10 1:30 PM, Bob Hoffman wrote:
>>> 1) I have switched my SSH to a different port. I would like to still check
>>> for anyone trying to hit the old port 22 and log them. At the same time add
>>> them to a reject/ban for a certain period of time, let's say 1 day.
>>
>> If nothing is listening on that port, then what's to 'ban'?
>
> I think what Bob wants to do is to move his sshd to another
> non-standard port, and leave port 22 open. Then see what's
> trying to access that. I guess you could run another
> 'dummy-sshd' type program to listen on port 22, in place of
> the real sshd, and then log all incoming packets on that
> port?
>
> IIRC sshd logs all connection attempts anyway?
>
> IPtables can log packets coming in to any particular port. I
> don't think the port needs to be open for IPtables to log a
> packet headed for that particular port?
>
> I log ALL packets coming into my firewall, and then purge the
> logs with a cron job every 24 hours.
>
> Kind Regards,
>
> Keith Roberts

A tarpit would be good on there... Answer the port and just trickle back the handshake to keep the client waiting for a long time.
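The two things the thread circles around, logging probes of the old port 22 with iptables and banning the source for a day, and then reading the resulting log, fit in a short shell script. The block below is an added example written for this page, not code from any poster; it assumes sshd has already moved off port 22, that the kernel has the `recent`, `limit` and `LOG` modules, and that the `SSH_OLD` chain name, the `SSH22:` log prefix, the `top_hit` helper and the sample log lines are all constructed for illustration (the `TARPIT` target mentioned in a comment comes from xtables-addons and is not part of stock iptables).

```shell
# Added example (not from the thread): rules that log and temporarily ban hosts
# probing the old SSH port, plus a summary of the resulting kernel log lines.
# Assumes sshd no longer listens on port 22 and the recent/limit/LOG matches
# are available. Chain name, log prefix and sample data are constructed.

# Print (do not apply) the rules; run the output as root once reviewed.
port22_rules() {
    port="${1:-22}"      # old port nothing listens on any more
    ban="${2:-86400}"    # ban length in seconds (1 day, as in the question)
    cat <<EOF
iptables -N SSH_OLD
iptables -A INPUT -p tcp --dport ${port} --syn -j SSH_OLD
# seen within the ban window already: drop silently (ban expires ${ban}s after first hit)
iptables -A SSH_OLD -m recent --name ssh_old --rcheck --seconds ${ban} -j DROP
# first contact: record the source, log it (rate-limited), then drop
iptables -A SSH_OLD -m recent --name ssh_old --set
iptables -A SSH_OLD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "SSH22: " --log-level 4
iptables -A SSH_OLD -j DROP
# tarpit variant (xtables-addons): replace the final DROP with '-j TARPIT' so the
# client is held in a stalled handshake; see the TARPIT docs about conntrack first
EOF
}

# Summarize kernel log lines carrying the prefix above: hits per source address,
# busiest first. Reads stdin, e.g.  grep 'SSH22:' /var/log/messages | summarize_hits
summarize_hits() {
    awk '/SSH22:/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); hits[$i]++ }
    } END { for (s in hits) print hits[s], s }' | sort -rn
}

# Constructed sample log lines in the kernel LOG format (not real traffic).
# The repeat offender shows up on three different days, i.e. after each 1-day ban lapsed.
SAMPLE_LOG='Aug  8 15:08:01 gw kernel: SSH22: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=44123 DPT=22 SYN
Aug  8 15:08:03 gw kernel: SSH22: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=51000 DPT=22 SYN
Aug  9 16:09:10 gw kernel: SSH22: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=44124 DPT=22 SYN
Aug  9 16:09:11 gw kernel: other: IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.5 PROTO=UDP SPT=53 DPT=53
Aug 10 17:12:40 gw kernel: SSH22: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=44125 DPT=22 SYN'

# Busiest source in the sample, as one line "count address".
top_hit() { printf '%s\n' "$SAMPLE_LOG" | summarize_hits | head -n 1; }

port22_rules
top_hit
```

Because the `--rcheck` rule sits before `--set`, a banned host never refreshes its own entry, so the ban really does expire one day after the first probe, matching the question; swap `--rcheck` for `--update` if a persistent scanner should instead stay banned as long as it keeps knocking. The `limit` match keeps a flood of SYNs from filling the log, which is the problem Keith's daily purge cron job works around.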