Mailing List Archive



Re: [tlug] Blocking bad sshd bruteforce attempt



>>>>> "Joe" == Joe Larabell <fred62@???> writes:

    Joe> One more thought on this. I recall reading a howto a while
    Joe> back (too lazy to google it right now) that showed how to
    Joe> set up a daemon on the target machine to watch for SYN
    Joe> packets to some combination of ports in sequence and *only
    Joe> then* would it open up a hole in the firewall.

That's what knockd does.

You could probably implement it at the TCP/IP stack level with an
especially tricky set of stateful rules, too.


-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
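
The mechanism discussed in this message (watch for SYN packets to a sequence of ports, and only then open the firewall), as an added example that is not part of the original message and is not knockd's code. The knock ports, the timeout, the sample addresses and the rule that any unexpected port resets a source's progress are assumptions of this example.

```python
from dataclasses import dataclass

KNOCK_SEQUENCE = (7000, 8000, 9000)   # hypothetical knock ports
SEQ_TIMEOUT = 5.0                     # seconds allowed for the whole sequence

# Constructed sample of observed SYNs: (timestamp, source IP, destination port)
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", 7000),
    (0.5, "192.0.2.10", 8000),
    (1.0, "192.0.2.10", 9000),      # correct order, in time
    (2.0, "198.51.100.7", 7000),
    (2.1, "198.51.100.7", 9000),    # out of order: progress is reset
    (2.2, "198.51.100.7", 8000),
    (3.0, "203.0.113.5", 7000),
    (4.0, "203.0.113.5", 8000),
    (9.5, "203.0.113.5", 9000),     # correct order, but too slow
]


@dataclass
class Progress:
    index: int      # number of knocks matched so far
    started: float  # timestamp of the first matched knock


def allowed_sources(syn_events, sequence=KNOCK_SEQUENCE, timeout=SEQ_TIMEOUT):
    """Return source IPs that hit every port of `sequence` in order, in time."""
    state = {}      # source IP -> Progress of a partial sequence
    allowed = set()
    for ts, src, port in syn_events:   # events must be sorted by timestamp
        prog = state.get(src)
        if prog and ts - prog.started > timeout:   # stale partial sequence
            prog = None
            state.pop(src, None)
        expected = sequence[prog.index] if prog else sequence[0]
        if port == expected:
            if prog is None:
                prog = state[src] = Progress(0, ts)
            prog.index += 1
            if prog.index == len(sequence):
                allowed.add(src)   # a daemon would open the firewall for src here
                del state[src]
        elif port == sequence[0]:
            state[src] = Progress(1, ts)   # wrong knock that restarts the sequence
        else:
            state.pop(src, None)           # any other port resets progress
    return allowed
```

Because an unexpected port resets progress, a sequential port scan that passes through all three knock ports does not complete the sequence.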

