Menu
▾
▴
Re: [Sshguard-users] Is sshguard working?
|
From: James H. <jam...@gm...> - 2015-08-13 20:04:42
|
The drop or reset is another reason to use a table and allow the end user define the rule/action. I can see some people will want drop others want reset, some may prefer logging, and some might want to redirect to a honeypot. I would suggest that sshguard should do the one thing well, scan for attacks and place the source of those attack on a well know table/list. This requires users to execute a few command, create table, reference table but that puts the responsibility of doing the correct thing clearly in their hands. On Thu, Aug 13, 2015 at 12:56 PM, Willem Jan Withagen <wj...@di...> wrote: > On 13-8-2015 17:10, Kevin Zheng wrote: > > On 08/12/2015 20:32, li...@la... wrote: > >> I downloaded the development version. Running sshguard -v indicates > 1.6.0. > > > > You'll need to add a rule that looks something like this: > > > > reset ip from table (22) to me > > > > Keep in mind that 'ipfw' is a first-rule-wins firewall, which means that > > if you have a rule that allows SSH connections, your SSHGuard rule must > > have a higher rule number in order to block attacks. If you are adding > > the rule from a shell, parenthesis must be escaped. > > I understand what you say, but I think you ment to say the lowest > number? Since parsing start at the lowest (first-rule) number. > > > > # ipfw add 50 reset ip from table \(22\) to me > > I would not even reset the connection. > Just drop/deny it, and the client needs to time it out. > > These are bad guys, anything you can do to delay them should be done. > > --WjW > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users > -- James Harris Software Engineer jam...@gm... |
