Tuesday, December 16, 2008

Under attack

I have a DSL link at home, and by now I operate a regular Unix system for the router, and it's the first system I have with an internet-facing sshd. Now, every once in a while some bot comes along and seems to try out a lot of account/password combinations, notwithstanding the fact that I only enabled public key authentication.

Idea: Whenever massive login attempts are detected, just reflect further incoming connection attempts from the same address back to that address. Thus the bot just attacks its own machine.

Question: How to do this without hacking the sshd itself? Possibly temporary static NAT rules?
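
The detection half of the idea above, as an added example that is not part of the original post: it counts rejected sshd logins per source address in a sliding window and reports the addresses that cross a threshold, without touching sshd itself. The log lines, threshold, window, year and function name are assumptions constructed for illustration; what to do with a flagged address is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in classic syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Dec 16 03:12:01 router sshd[4101]: Invalid user admin from 203.0.113.7
Dec 16 03:12:03 router sshd[4103]: Invalid user test from 203.0.113.7
Dec 16 03:12:04 router sshd[4105]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 16 03:12:06 router sshd[4107]: Invalid user oracle from 203.0.113.7
Dec 16 03:12:09 router sshd[4109]: Invalid user guest from 203.0.113.7
Dec 16 03:20:00 router sshd[4120]: Accepted publickey for me from 198.51.100.20 port 51000 ssh2
Dec 16 04:00:00 router sshd[4130]: Invalid user bob from 192.0.2.44
Dec 16 09:30:00 router sshd[4200]: Invalid user bob from 192.0.2.44
"""

# Matches the two rejection messages sshd writes for guessing bots:
# "Invalid user X from IP" and "Failed <method> for [invalid user ]X from IP".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S* ?|Failed \S+ for (?:invalid user )?\S+ )"
    r"from (?P<ip>[0-9A-Fa-f:.]+)"
)

def find_bruteforce_sources(log_text, threshold=5,
                            window=timedelta(seconds=60), year=2008):
    """Return {ip: time the threshold was first reached} for noisy sources.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # accepted logins and unrelated lines
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # forget attempts older than the window
        if len(hits) >= threshold:
            flagged.setdefault(m["ip"], when)
    return flagged

if __name__ == "__main__":
    for ip, when in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip} exceeded the threshold at {when}")
```

A slow guesser such as the constructed 192.0.2.44 entries stays under the window and is not flagged, which is the trade-off of any rate-based rule.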
