> Hi, > > to prevent scripted dictionary attacks to sshd > I applied those iptables rules: > > -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent > --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP > -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set > --name SSH --rsource What I have done to totally thwart script-kiddy attacks against SSH is to 1) Move sshd to another port, one higher than 5000 2) configure SSH for RSA-KEY authentication ONLY IE no PAM auth 3) Set up Fail2Ban to auto ip-table block ANY offending IPs after 5 tries. Script kiddies assume ssh is on port 22, and mosr posr scans don't go as high as 5000. Since I implement this strategy a month ago, I have seen ZERO attempts against SSH > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >