[olug] attempted attacks
Christopher Cashell
topher at zyp.org
Tue Mar 8 16:48:20 UTC 2005
At Tue, 08 Mar 05, Unidentified Flying Banana Noel Leistad, said:
> hosts.deny for whatever the reported whois network is. Harsh, but effective.
Or, slightly better yet:
sudo iptables -A INPUT -s EVIL_IP_GOES_HERE -j DROP
Or, even better than that, go with active protection. There are a
handful of applications out there that can actively "defend" your
machine when certain activities are detected. Examples include adding a
temporary iptables rule blocking access to an IP address when excessive
scanning is detected, or adding a temporary iptables rule blocking access
when excessive failed logins are detected, etc.
--
| Christopher
+------------------------------------------------+
| Here I stand. I can do no other. |
+------------------------------------------------+
More information about the OLUG
mailing list