annoying brute force attack attempt using ssh

Dave Burns tburns at hawaii.edu
Thu May 15 18:08:44 UTC 2008


On Thu, May 15, 2008 at 1:10 AM, Scott van Looy <scott at ethosuk.net> wrote:
>[...]
> So I ran
> iptables -A INPUT -s 193.239.125.119 -j DROP
> and was surprised to see the attacks continue
> Anyone got any ideas why?

-A adds the rule without removing any existing ones. It may be that a
pre-existing rule is dealing with those packets, so your rule is not
applied. We would need to see output of iptables -L to know. Well,
actually someone else would, I don't grok iptables rules worth a damn.

You might also want to look into an rpm called denyhosts, which is the
reason why I a) have no customization in my firewall and b) do not
have the same problem as you.

This sort of activity had a big spike this weekend, but seems to have
leveled off. http://stats.denyhosts.net/stats.html

TDB
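
The ordering effect described in the reply above, as an added example that is not part of the original post: a small first-match evaluator showing how a rule added with -A can sit behind an earlier rule that already accepts the packet. The three-rule chain is a constructed sample, not the poster's real ruleset, and only the -s, -p, --dport and -j options are modeled.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S INPUT` format; NOT the poster's real ruleset.
SAMPLE_RULES = [
    "-A INPUT -p icmp -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
]
BLOCK = "-A INPUT -s 193.239.125.119 -j DROP"  # rule from the quoted command
ATTACKER_PKT = {"src": "193.239.125.119", "proto": "tcp", "dport": 22}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(line):
    """Extract only the options this sketch models: -s, -p, --dport, -j."""
    tok = shlex.split(line)
    opts = {"-s": None, "-p": None, "--dport": None, "-j": None}
    for flag in opts:
        if flag in tok:
            opts[flag] = tok[tok.index(flag) + 1]
    return opts

def matches(rule, pkt):
    """True if every criterion present in the rule agrees with the packet."""
    if rule["-s"]:
        net = ipaddress.ip_network(rule["-s"], strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if rule["-p"] and rule["-p"] != pkt["proto"]:
        return False
    if rule["--dport"] and int(rule["--dport"]) != pkt["dport"]:
        return False
    return True

def first_match(rules, pkt):
    """Walk the chain top-down; the first terminating match decides the packet."""
    for pos, line in enumerate(rules, start=1):
        rule = parse(line)
        if rule["-j"] in TERMINAL and matches(rule, pkt):
            return pos, rule["-j"]
    return None, "POLICY"  # fell off the end: the chain policy applies

def append_rule(rules, rule):  # what `iptables -A` does
    return rules + [rule]

def insert_rule(rules, rule, pos=1):  # what `iptables -I INPUT <pos>` does
    return rules[:pos - 1] + [rule] + rules[pos - 1:]

if __name__ == "__main__":
    print("-A:", first_match(append_rule(SAMPLE_RULES, BLOCK), ATTACKER_PKT))
    print("-I:", first_match(insert_rule(SAMPLE_RULES, BLOCK), ATTACKER_PKT))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the actual order of the rules.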



