Mailing List Archive



Re: [tlug] Blocking bad sshd bruteforce attempt



On Wed, 2006-07-12 at 15:41 +0900, GMO Unix Erin D. Hughes wrote:

> I really want to try the port knocking and other options but I really
> haven't had the time. 

If you are using Debian you can get knockd using apt-get. It takes about
15 seconds to configure. Seriously, it's really easy to set up, just
configure the /etc/knockd.conf to reflect the port numbers you prefer in
the sequence, and if you are using shorewall change the -A switch to an
-I, and then run it as a daemon. Then download the knock client for
whichever machine you will be knocking from, run the command knock and
select IP and the ports, and the door will be opened for the IP that
knocked via iptables insertion.

Here's a wiki I found helpful - it's for Gentoo but applicable to many
distros:

http://gentoo-wiki.com/HOWTO_Port_Knocking 

Cheers,
Scott VanDusen
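
A sketch of the /etc/knockd.conf setup described in the message above, added here as an example and not part of the original post or the knockd package's shipped config. The port sequence, timeouts and SSH port 22 are constructed values, and it assumes a firewall (such as shorewall) whose INPUT chain already ends in a drop or reject rule.

```ini
# /etc/knockd.conf (added example; sequence, timeouts and port 22 are constructed values)

[options]
# Log knock attempts to syslog so accepted and failed sequences can be reviewed.
    UseSyslog

[opencloseSSH]
# Ports that must be hit, in this order, by the knocking client.
# Choose your own values; these are placeholders.
    sequence      = 7000,8000,9000
# The whole sequence must arrive within this many seconds.
    seq_timeout   = 10
# Only count SYN packets as knocks.
    tcpflags      = syn
# -I inserts the ACCEPT at the head of INPUT. With -A the rule would be
# appended after the firewall's final drop/reject rule and never match.
    start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
# Close the door again after 30 seconds by deleting the same rule.
# An SSH session opened in that window keeps working only if the firewall
# accepts ESTABLISHED traffic (assumed here).
    cmd_timeout   = 30
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

# From the client, with the same sequence:
#   knock <server> 7000 8000 9000
```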

