[CentOS] Iptables questions

Wed Aug 11 05:43:06 UTC 2010
Ned Slider <ned at unixmail.co.uk>

On 11/08/10 00:12, Bob Hoffman wrote:
> Forgive me if this does not go with the right topic, I am on digest and
> responding to a topic sometimes makes it start a new one.
> My reason for the iptables questions is to not follow the practice of
> putting up a wall and ignoring hackers.
> I want to be more proactive.
> If I have set my ssh port to 55994 and am not using port 22, but hackers are
> pounding on my port 22 looking for
> ssh, then I want to not only know about it, I want to log them and prevent
> them access to my server and web applications.
> At least temporarily.

Do you have any evidence that those IPs banging away on port 22 are also 
attacking other ports? Don't get me wrong, I'm all for getting proactive 
with security but I'm not convinced site-wide blocking of IPs probing 
port 22 will translate to other services.

After moving ssh to an alternative port, I typically see around 3 probes 
a day on port 22 in my firewall logs. How many are you seeing? If it's 
significantly more than that, why?