From: Stephen Samuel <samuel@bcgreen.com>
To: Kev <savage-garden@hanikamail.com>, linux-admin@vger.kernel.org
Subject: Re: SSH allow only form selected IP'
Date: Wed, 18 Aug 2004 03:46:28 -0700
Message-ID: <41233384.7000106@bcgreen.com>
In-Reply-To: <20040816193418.FA8B.SAVAGE-GARDEN@hanikamail.com>
Blocking using iptables is easily the most efficient if you're dealing
with a DDOS situation. It blocks at the kernel, so the opening packet
is never accepted and sshd is never called. Any other solution is
likely to require an open connection and a process to deal with things.

I actually can't find a way to get sshd to only allow certain hosts
by IP address. AllowHosts used to work, but seems to be missing from
the most recent sshd_config format.

Kev wrote:
> I did both, I blocked IPs with iptables and I also configured SSH daemon
> to only allow connections from given IPs
>
> my server was down like 2-3 times a week due to DDOS attack or someone
> running an attack on my SSH, now the server seems to be running fine.
>
> oh yeah and I also blocked all ICMP communication and only allowed from
> my IP only :)
--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
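
The kernel-level allowlist described in the message above, as an added example that is not part of the original thread: the script prints iptables commands that accept TCP port 22 only from listed sources and drop everything else. The chain name SSH_ALLOW and the addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```sh
#!/bin/sh
# Added example: emit iptables commands that admit SSH only from an allowlist.
# Chain name SSH_ALLOW and the sample addresses are assumptions (constructed).

# Return 0 if $1 is an IPv4 address, optionally with a /0-32 prefix length.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Only digits and single interior dots may remain in the address part.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for the given sources. Every source is validated before
# anything is printed, so a typo cannot yield a partial ruleset that locks
# the administrator out.
ssh_allow_rules() {
    [ $# -gt 0 ] || return 1
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -N SSH_ALLOW"
    for src in "$@"; do
        echo "iptables -A SSH_ALLOW -s $src -j ACCEPT"
    done
    # Anything not matched above is dropped in the kernel; sshd never sees it.
    echo "iptables -A SSH_ALLOW -j DROP"
    # Hook the chain in at the top of INPUT only once it is fully populated.
    echo "iptables -I INPUT 1 -p tcp --dport 22 -j SSH_ALLOW"
}

# Constructed sample run: one admin host and one office network.
ssh_allow_rules 192.0.2.10 198.51.100.0/24
```

Review the printed commands before running them as root, and keep an existing session open while testing so a mistake in the list does not cut off access.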