Re: Banning SSH attackers

From: calvin (buzzedlightyear_at_gmail.com)
Date: 10/22/05

    To: Paul Berube <stazz@shaw.ca>, secureshell@securityfocus.com
    Date: Fri, 21 Oct 2005 23:42:23 -0700

    check into iptables, assuming that you're on a linux or unix box. man
    iptables. using iptables you can limit attempts or so many connections
    from a single IP. after so many attempts and connections, it won't allow
    any more connections or attempts for a specified amount of time.

    both the rules following will limit to 5 connections every minute on
    port 22, dropping every attempt after that. every connection is

    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set

    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

    so after a bruteforce attack, after the 4th attempt within a minute the
    connections will be dropped. you can modify the numbers and rules. also
    use google for iptables and ssh securing.
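To see what those two rules do to a stream of connection attempts, here is a small Python model of the iptables "recent" match (an added example, not code from the post; it assumes the matching semantics described in iptables(8), ignores the module's per-entry list-size limits, and uses constructed addresses and timestamps):

```python
from collections import defaultdict

SECONDS = 60    # --seconds 60
HITCOUNT = 5    # --hitcount 5


class RecentTable:
    """Per-source timestamp lists, standing in for the kernel's 'recent' list.
    Assumption: as iptables(8) describes it, --update matches only when the source
    is already listed and at least HITCOUNT of its timestamps lie within the last
    SECONDS, and a match refreshes the entry with the current time."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def update_matches(self, src, now):
        """Rule inserted last with -I, so evaluated first:
        -m recent --update --seconds 60 --hitcount 5 -j DROP"""
        if src not in self.stamps:
            return False
        in_window = [t for t in self.stamps[src] if now - t <= SECONDS]
        if len(in_window) >= HITCOUNT:
            self.stamps[src].append(now)   # --update records the hit even though the packet is dropped
            return True
        return False

    def set_hit(self, src, now):
        """Rule evaluated second: -m recent --set (always matches, just records source and time)."""
        self.stamps[src].append(now)


def filter_new_connections(attempts):
    """attempts: (seconds, source_ip) pairs for NEW TCP connections to port 22, in time order.
    Returns the verdict for each attempt."""
    table = RecentTable()
    verdicts = []
    for now, src in attempts:
        if table.update_matches(src, now):
            verdicts.append("DROP")
        else:
            table.set_hit(src, now)
            verdicts.append("ACCEPT")   # assumption: no later rule rejects port 22
    return verdicts


# Constructed sample: 203.0.113.7 opens seven connections in seven seconds, another host
# connects once in between, and the first host returns after a quiet minute and a half.
SAMPLE = sorted([(t, "203.0.113.7") for t in range(7)] + [(3, "198.51.100.2"), (100, "203.0.113.7")])
# Constructed sample: a source that retries every 10 s never gets a quiet minute, so it stays dropped.
PERSISTENT = [(t, "203.0.113.7") for t in range(7)] + [(t, "203.0.113.7") for t in range(16, 200, 10)]

if __name__ == "__main__":
    for (now, src), verdict in zip(SAMPLE, filter_new_connections(SAMPLE)):
        print(f"t={now:3d}s {src:15} {verdict}")
```

Because dropped attempts still count as hits under --update, the persistent source in the second sample is never admitted again, whereas a source that goes quiet for a full minute is allowed through once more.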

