How to block IP range of China, Russia and other countries.
My server was attacked from China, Russia, and other countries via ssh. I use ssh from other parts of the network, like the internet, to access my home server. I just want to know how to add the IP ranges of other countries to the hosts.deny file.
|
Think Again.
Does "attack" mean successfully logged into your server? Or does it mean script kiddies banging away at ssh with a dictionary attack and never getting in? If it's the latter, it never ends.
If you really want to block IPs then the firewall is the better place to implement this. Iptables has everything you need. Maybe you should consider switching to PKI authentication for ssh? 'Easier' solutions are changing the port ssh listens on and using strong passwords. |
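An added example, not part of the original thread, of doing the blocking in the firewall as the reply above suggests: it validates a CIDR list and emits an `iptables-restore` fragment for a dedicated chain. The chain name `SSH_GEOBLOCK`, the file name `ranges.txt` and the sample ranges (RFC 5737 documentation addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment from a CIDR list.
# SAMPLE_RANGES is constructed input (RFC 5737 documentation ranges plus two
# deliberately bad entries); SSH_GEOBLOCK is a hypothetical chain name.
SAMPLE_RANGES='# one CIDR per line, comments allowed
192.0.2.0/24
198.51.100.0/24   # trailing comment
203.0.113.0/33
not-a-range'

# valid_cidr CIDR: succeed only for dotted-quad IPv4 with a /0-/32 prefix.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    ip=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules [CHAIN]: read ranges on stdin, write restore-format rules on stdout.
# Invalid lines are reported on stderr and skipped, so one bad line in a
# downloaded list cannot abort the load or end up inside a rule.
gen_rules() {
    chain=${1:-SSH_GEOBLOCK}
    printf '*filter\n:%s - [0:0]\n' "$chain"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf -- '-A %s -s %s -j DROP\n' "$chain" "$line"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done
    printf 'COMMIT\n'
}

# Print the fragment. As root it would be loaded with (ranges.txt is hypothetical):
#   gen_rules < ranges.txt | iptables-restore --noflush
#   iptables -I INPUT -p tcp --dport 22 -j SSH_GEOBLOCK   # once, after the load
# Per-rule packet counters then show what was dropped:
#   iptables -L SSH_GEOBLOCK -v -n
printf '%s\n' "$SAMPLE_RANGES" | gen_rules
```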
Scanning is one thing. Attacking is another. We all interpret things differently, but those bruteforce attempts are actual login attempts (and nothing like nmap scanning [not saying that that's condoned, either])... He can block this via the sshd config file, use denyhosts or any other host-level autoblocking tool, or even use a local (or network) firewall. All of this and more is covered in the "SSH" sticky thread at the top of the security forums. |
This page may be of interest to the OP and contains a list of IP ranges for the regions with the highest level of malicious traffic. http://www.countryipblocks.net/
Personally, I think that blocking such ranges in an attempt to gain security is a futile effort at best. While you may cut down on some of the noise traffic, the only thing you will accomplish is to guarantee that whoever gains access to your system either originates from or proxies through a different region. Your efforts would be MUCH better spent securing your system against ALL attacks. The previous posts in this thread have already given you the tools on how to do this. |
Guys, I also configured iptables as it was shown in this discussion, and let's see how it works. One more question: how do I check if iptables drops the packets to respond to an incoming attack? |
It is a listing of IPs that should not be blocked by denyhosts.
|
I suggest reading the whole FAQ, then maybe googling denyhosts to determine how others are using it and how others are configuring it....visiting the denyhosts webpage should be enough, though. |
linux.opennet.ru/tips/info/1969.shtml GO TO TRANSLATE.GOOGLE.COM |