SSH BlackListing on Mac OS X 10.x


While all our servers are firewalled, we leave the SSH port open as it is a connection of last resort for administrators when the server cannot be contacted by any other means. While we have strict password policies, this does not stop an incessant bombardment of dictionary attacks on those SSH ports.

I was also noticing my logs filling up with endless futile attempts from China to log in as root (the root account is disabled; duh!) to my Unix box. While I was confident that my security would not be breached, I wanted to be able to abruptly cut off these hackers so they would know they had been hacked in return.

I used the BSD built-in hosts.deny feature as a simple way to cut off hacking hosts and married it with a Perl script from pettingers.org running as a daemon to manage and purge the hosts in the blacklist. I’ve written up instructions on how to implement the auto-blacklist in one of my HowTos.
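A sketch of the manage-and-purge logic such a daemon performs, added here as an example; it is not the pettingers.org Perl script or code from this post. The thresholds, the `sshd:` rule format written to hosts.deny, and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Greedy ".*" plus the "$" anchor picks the address sshd itself appended last;
# the username before it is attacker-controlled and may contain "from <ip>".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?$")

MAX_FAILURES = 3                 # assumed threshold
WINDOW = timedelta(minutes=10)   # assumed counting window
BLOCK_FOR = timedelta(hours=24)  # assumed lifetime of a blacklist entry

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
Mar 12 02:14:01 host sshd[411]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar 12 02:14:03 host sshd[412]: Failed password for invalid user admin from 203.0.113.5 port 40023 ssh2
Mar 12 02:14:06 host sshd[413]: Failed password for root from 203.0.113.5 port 40024 ssh2
Mar 12 02:15:00 host sshd[414]: Failed password for invalid user x from 192.0.2.9 port 1 ssh2 from 203.0.113.5 port 40025 ssh2
Mar 12 02:20:00 host sshd[420]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 12 02:21:00 host sshd[421]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
""".splitlines()

def parse_failures(lines, year):
    """Yield (timestamp, ip) for each failed sshd password attempt."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def update_blacklist(blacklist, failures):
    """Blacklist hosts with MAX_FAILURES inside WINDOW; maps ip -> expiry."""
    recent = defaultdict(list)
    for ts, ip in failures:
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW] + [ts]
        if len(recent[ip]) >= MAX_FAILURES:
            blacklist[ip] = ts + BLOCK_FOR
    return blacklist

def purge(blacklist, now):
    """Drop entries whose block time has elapsed."""
    return {ip: exp for ip, exp in blacklist.items() if exp > now}

def render_hosts_deny(blacklist):
    """One TCP-wrappers rule per blocked host."""
    return "".join(f"sshd: {ip}\n" for ip in sorted(blacklist))
```

Syslog lines carry no year, so `parse_failures` takes it as an argument; a long-running daemon would supply the current year and handle the rollover at New Year.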
