[geeks] ssh attacks
Mike Hebel
nimitz at nimitzbrood.com
Wed Aug 11 13:59:19 CDT 2004

> On Aug 11, 2004, at 1:30 PM, Mike Hebel wrote:
>
>>
>> I'm an idiot here but I can't think of how to do this using IPF on the
>> firewall box remotely.  If I try it and fuck it up I'm locked out.
>>
>> Would this work:
>>
>>
>> block in quick on le0 proto tcp from $outside_IP to $firewall_IP port
>> = 22
>>
>
> I can't verify the syntax ATM, but yeah, that should block the
> $bad_guy.
Actually, for some reason, probably default IP grokking somewhere, that
didn't work.
Thus I changed my ipnat.rules to include:
rdr $outside_IP port 22 -> $nonexistant_internal_IP port 22
Works like a charm.  Now I just have to make sure I remember not to put
anything at that IP.  I chose a different subnet for it on top of
everything.
Mike Hebel
----
"I think we used too much!" - Chris Knight
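Added example, not code from the thread or from the IPFilter project: a small sh script that renders the block rule quoted above with the addresses already substituted, parse-checks the resulting ruleset with ipf -n, and loads it behind a timed rollback, which is the usual way to change a firewall you can only reach over ssh without risking the lockout described in the quoted message. The interface name le0 comes from the thread; the addresses, the /etc/ipf.conf path, the 300-second window and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: render a per-host ssh block rule
# for IPFilter, parse-check it, and load it with a timed rollback so that a
# mistake on a remote firewall undoes itself. Interface name follows the
# thread (le0); the addresses are constructed RFC 5737 documentation values.
set -u

IFACE="le0"
OUTSIDE_IP="192.0.2.10"     # constructed: the host hammering sshd
FIREWALL_IP="203.0.113.1"   # constructed: the firewall's outside address
RULES_FILE="${RULES_FILE:-/etc/ipf.conf}"   # assumed location of the live ruleset
ROLLBACK_SECS="${ROLLBACK_SECS:-300}"       # assumed rollback window

# Render the rule with the literal addresses already substituted; handing
# ipf a finished line sidesteps any question of whether a given ipf build
# expands $variables on its own.
render_block_rule() {
    # $1 interface, $2 source host, $3 firewall address
    printf 'block in quick on %s proto tcp from %s to %s port = 22\n' "$1" "$2" "$3"
}

# Reject anything that is not four dotted-decimal octets in 0..255, so a
# typo cannot turn into a parse error on the firewall.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Build the candidate ruleset: the new block rule goes FIRST, because with
# "quick" the first matching rule wins, and an earlier "pass in quick" for
# port 22 would otherwise let the traffic through.
build_ruleset() {
    # $1 output file
    { render_block_rule "$IFACE" "$OUTSIDE_IP" "$FIREWALL_IP"; cat "$RULES_FILE"; } > "$1"
}

# Parse-only check: ipf -n reads the file but makes no changes to the kernel.
check_rules() {
    ipf -n -f "$1" >/dev/null 2>&1
}

# Load the new ruleset, but first arm a background timer that flushes and
# reloads the known-good file. Once you have confirmed from a second session
# that you can still log in, kill the printed PID; if you got locked out,
# just wait for the timer.
apply_with_rollback() {
    # $1 new rules file, $2 known-good rules file, $3 seconds until rollback
    ( sleep "$3" && ipf -Fa -f "$2" ) &
    echo "rollback armed: kill $! within ${3}s to keep the new rules"
    ipf -Fa -f "$1"
}

# Usage: sh block_ssh.sh          -> print the rule that would be added
#        sh block_ssh.sh apply    -> check and load it (needs ipf and root)
if [ "${1:-}" = "apply" ]; then
    valid_ipv4 "$OUTSIDE_IP" && valid_ipv4 "$FIREWALL_IP" || { echo "bad address" >&2; exit 2; }
    candidate=$(mktemp) || exit 2
    build_ruleset "$candidate"
    check_rules "$candidate" || { echo "ipf rejected $candidate" >&2; exit 2; }
    apply_with_rollback "$candidate" "$RULES_FILE" "$ROLLBACK_SECS"
else
    render_block_rule "$IFACE" "$OUTSIDE_IP" "$FIREWALL_IP"
fi
```

Run it without arguments first to see the exact line that will be prepended to the ruleset; run it with "apply" on the firewall itself, then open a fresh ssh session from your own address and kill the rollback PID only after that session succeeds. The rdr trick in the message above reaches the same dead end by a different route; this script keeps the plain block rule from the quoted message and adds the safety net around loading it.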