[CentOS] Iptables questions

Tue Aug 10 23:42:19 UTC 2010
Whit Blauvelt <whit at transpect.com>

On Tue, Aug 10, 2010 at 07:12:59PM -0400, Bob Hoffman wrote:

> I have a server sitting right on the net and the constant barrage of 100s of
> IPs trying thousands of times at port 22 is insane.

You're quite sane. Anyone likely to hit your ssh at its new port is likely
to try port 22 first. So if they show up there first, blocking them is good
- unless you have legitimate users who may forget to go to your special port
and so get locked out after trying the default port first.

There are several packages that integrate port scanning detection with
iptables rule generation. One such is here:

http://cipherdyne.org/psad/

- Whit
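
An added example, not from this thread or from psad: the port-22 trap described above, built directly with iptables and the kernel's `recent` match. Assumptions (none stated in the original): the real sshd listens on 2222, a host that probes port 22 is dropped for 3600 seconds, and 192.0.2.0/24 stands in for your own admin network, which is exempted so a legitimate user who forgets the special port does not lock themselves out. Sourced as a script it only prints the rules for review; `apply_rules` installs them and needs root.

```shell
#!/bin/sh
# Added example (not from the original post): trap hosts that probe the old
# ssh port 22 and drop them for a while, while real ssh listens elsewhere.
# Assumed values, override via environment: SSH_PORT, BAN_SECONDS, ADMIN_NET.
SSH_PORT=${SSH_PORT:-2222}            # assumption: where sshd really listens
BAN_SECONDS=${BAN_SECONDS:-3600}      # assumption: how long a prober stays dropped
ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}  # assumption: your own network, never trapped

# Print the rules instead of running them so they can be reviewed first.
# These INPUT rules must sit before any general ACCEPT rules in the chain.
gen_rules() {
    cat <<EOF
iptables -N SSHTRAP 2>/dev/null
iptables -F SSHTRAP
# Never trap the admin network: a forgotten port must not lock an admin out.
iptables -A SSHTRAP -s $ADMIN_NET -j RETURN
# Record the source in the "sshprobe" list (--set always matches) and drop it.
iptables -A SSHTRAP -m recent --name sshprobe --set -j DROP
# Any source seen probing within BAN_SECONDS is dropped outright; --update
# refreshes its timestamp, so a host that keeps knocking stays banned.
iptables -A INPUT -m recent --name sshprobe --update --seconds $BAN_SECONDS -j DROP
# A new connection to port 22 is treated as a probe.
iptables -A INPUT -p tcp --dport 22 --syn -j SSHTRAP
# The real ssh port.
iptables -A INPUT -p tcp --dport $SSH_PORT --syn -j ACCEPT
EOF
}

# Install the generated rules (requires root).
apply_rules() {
    gen_rules | sh
}

# Dry run when executed directly: show what would be installed.
gen_rules
```

Check the current list with `cat /proc/net/xt_recent/sshprobe`; an address can be cleared by hand with `echo -192.0.2.7 > /proc/net/xt_recent/sshprobe` (addresses are removed with a leading minus).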