On Sun, 1 May 2005, Paul Jakma wrote:
> # iptables -v -L scans | awk -f ~/scan-table.awk
Another interesting one is my ssh-scan chains:
# iptables -v -L ssh-scan
Chain ssh-scan (1 references)
pkts bytes target
6354 353K recent: SET name: SSH side: source
4601 257K LOG recent: UPDATE seconds: 60 hit_count: 8 TTL-Match name: SSH side: source LOG level warning prefix `SSH Scan: '
4601 257K DROP recent: UPDATE seconds: 60 hit_count: 8 TTL-Match name: SSH side: source
<edited to remove prot, opt, in, out, source, destination, dest-port
and state, which are all: tcp, -, any, any, anywhere, anywhere, ssh
and NEW>
4.6k out of 6.3k NEW ssh packets incoming get DROPped, which is good.
Note that the hit_count above could be set much lower (particularly
for a single IP home machine).
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
Advertising is a valuable economic factor because it is the cheapest
way of selling goods, particularly if the goods are worthless.
-- Sinclair Lewis
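
Added example, not part of the original message: a simplified Python model of the three-rule ssh-scan chain above, showing how the hit_count value changes how many of a scanner's NEW ssh packets get dropped. Assumptions: the recent match keeps its default of 20 timestamps per address, an UPDATE rule refreshes the timestamp only when it matches, every packet from one source has the same TTL (so TTL-Match always holds), and the sample traffic and addresses are constructed.

```python
from collections import defaultdict

PKT_LIST_TOT = 20  # timestamps remembered per source address (assumed default)


def simulate(arrivals, seconds=60, hit_count=8):
    """Run (time_s, src_ip) NEW ssh packets through the modelled chain.

    Returns {src_ip: [verdict, ...]} where each verdict is "PASS" or "DROP".
    """
    stamps = defaultdict(list)
    verdicts = defaultdict(list)

    def touch(ip, now):
        # Record a sighting and keep only the newest PKT_LIST_TOT timestamps.
        stamps[ip].append(now)
        del stamps[ip][:-PKT_LIST_TOT]

    def update_rule(ip, now):
        # UPDATE seconds/hit_count: match when enough sightings fall in the window.
        hits = sum(1 for t in stamps[ip] if now - t <= seconds)
        if hits >= hit_count:
            touch(ip, now)  # a matching UPDATE refreshes the last-seen time
            return True
        return False

    for now, ip in sorted(arrivals):
        touch(ip, now)                  # rule 1: recent SET
        update_rule(ip, now)            # rule 2: LOG (does not end traversal)
        dropped = update_rule(ip, now)  # rule 3: DROP
        verdicts[ip].append("DROP" if dropped else "PASS")
    return dict(verdicts)


# Constructed sample traffic: a scanner opening one connection per second for
# 20 seconds, and a user who connects three times, five minutes apart.
SCANNER = [(t, "192.0.2.10") for t in range(20)]
USER = [(t, "198.51.100.7") for t in (0, 300, 600)]


def drops(hit_count):
    """Count dropped packets per source for a given hit_count."""
    result = simulate(SCANNER + USER, hit_count=hit_count)
    return {ip: v.count("DROP") for ip, v in result.items()}


if __name__ == "__main__":
    for hc in (8, 3):
        print("hit_count", hc, drops(hc))
```

In this model the scanner's first hit_count minus one connections always get through, which is why a lower value suits a machine that sees few legitimate logins per minute.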