Comments on: Kicking out SSH script kiddies with autoblock http://blog.paulbetts.org/index.php/2007/04/11/kicking-out-ssh-script-kiddies-with-autoblock/ Paul Betts's personal website / blog / what-have-you Wed, 26 May 2010 09:57:21 +0000 hourly 1 http://wordpress.org/?v=3.0.5 By: Paul Betts http://blog.paulbetts.org/index.php/2007/04/11/kicking-out-ssh-script-kiddies-with-autoblock/comment-page-1/#comment-8264 Paul Betts Thu, 17 Apr 2008 23:20:44 +0000 http://blog.paulbetts.org/index.php/2007/04/11/kicking-out-ssh-script-kiddies-with-autoblock/#comment-8264 @Fredrik: If you add an IP address into the table, will it do a reverse lookup? I thought that it'd keep whatever you put into it. If that's not the case then I believe you're right. Thanks for picking this up! @Fredrik: If you add an IP address into the table, will it do a reverse lookup? I thought that it’d keep whatever you put into it. If that’s not the case then I believe you’re right. Thanks for picking this up!

]]> By: Fredrik Lanker http://blog.paulbetts.org/index.php/2007/04/11/kicking-out-ssh-script-kiddies-with-autoblock/comment-page-1/#comment-8259 Fredrik Lanker Thu, 17 Apr 2008 17:54:46 +0000 http://blog.paulbetts.org/index.php/2007/04/11/kicking-out-ssh-script-kiddies-with-autoblock/#comment-8259 Really nice tip! But I think you want to change tables = `iptables --list` to tables = `iptables --list --numeric` otherwise you will end up with lots of duplicate entries in your iptable since tables.include? addr will compare the host name from the table with the IP address from the log, which will fail. (I don't know any ruby, but I think that's where the problem is...) Really nice tip! But I think you want to change

tables = `iptables –list`

to

tables = `iptables –list –numeric`

otherwise you will end up with lots of duplicate entries in your iptable since

tables.include? addr

will compare the host name from the table with the IP address from the log, which will fail. (I don’t know any ruby, but I think that’s where the problem is…)

]]>