For those of you not yet using a port-knocker or otherwise getting irritated with the crap all the script kiddies are filling your system logs with from endless connections against your sshd, this article is for you. Just two (or four, if you like logging) slightly obfuscated lines of iptables, and you can not only stop the lamers, you can slow their scripts down. (Something that's bound to get me packeted sooner or later, but whatever) This is quite portable to anything that's got a reasonably recent version of iptables (1.3.x) installed. You only need the barest of netfilter support in the Linux kernel. |