[PLUG] Can iptables Block a Range of IPs?
Galen Seitz
galens at seitzassoc.com
Sun Jun 29 21:38:56 UTC 2008
Bill Thoen wrote:
> For instance, jerks from these addresses all tried to use brute force
> methods to try to guess passwords on various account names. Is there
> some way to detect when the same IP is trying to log in and failing, say
> more than 3 times per minute, and then automatically banning them for 10
> minutes (or even forever)?
>
> It seems to me that there are obvious patterns to many attacks, and I
> was wondering if there's any tools available that can recognize them and
> do something about it as it's happening. One of these guys banged away
> for nearly 1200 guesses before he gave up, but in hockey, the more shots
> on goal you take, the more you're going to score, and I guess it's the
> same in hacking. I'm looking for a good goalie script!
As previously suggested, you want the denyhosts package.
http://denyhosts.sourceforge.net/
https://admin.fedoraproject.org/pkgdb/packages/name/denyhosts
galen
More information about the PLUG
mailing list