Re: Banning SSH attackers
From: calvin (buzzedlightyear_at_gmail.com)
Date: 10/22/05
- Previous message: Raphaël Marichez: "Re: Banning SSH attackers"
- In reply to: Paul Berube: "Banning SSH attackers"
- Next in thread: Camron W. Fox: "Re: Banning SSH attackers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Paul Berube <stazz@shaw.ca>, secureshell@securityfocus.com
Date: Fri, 21 Oct 2005 23:42:23 -0700
Check into iptables, assuming that you're on a Linux or Unix box. man
iptables. Using iptables you can limit attempts or so many connections
from a single IP. After so many attempts and connections, it won't allow
any more connections or attempts for a specified amount of time.
Both of the following rules will limit to 5 connections every minute on
port 22, dropping every attempt after that. every connection is
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
So after a brute-force attack, after the 4th attempt within a minute the
connections will be dropped. You can modify the numbers and rules. Also
use Google for iptables and ssh securing.
- application/pgp-signature attachment: This is a digitally signed message part
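A small model of how the two rules above interact, added here as an illustration and not part of the original message. It follows the iptables man page description of the recent match (--set always records the source, --update matches and refreshes the entry once the hit count within the window is reached) and the fact that the second -I lands above the first; the addresses, timestamps and the MAX_STAMPS history size are assumptions.

```python
from collections import defaultdict

SECONDS = 60     # --seconds 60
HITCOUNT = 5     # --hitcount 5
MAX_STAMPS = 20  # assumption: per-address history kept by the recent module

def simulate(events):
    """Replay (time_s, source_ip) pairs, one per NEW packet to port 22.

    Returns (time_s, source_ip, verdict) tuples; "CONTINUE" means neither rule
    dropped the packet, so it goes on to the rest of the INPUT chain.
    """
    stamps = defaultdict(list)  # source_ip -> timestamps in the recent list
    results = []
    for now, ip in sorted(events):
        seen = stamps[ip]
        hits = sum(1 for t in seen if now - t <= SECONDS)
        if hits >= HITCOUNT:
            # --update rule: inserted last with -I, so it is evaluated first.
            # It matched, so the packet is dropped and the entry is refreshed,
            # which means dropped attempts keep the window full.
            verdict = "DROP"
        else:
            # --set rule: records the source and has no target.
            verdict = "CONTINUE"
        seen.append(now)
        del seen[:-MAX_STAMPS]
        results.append((now, ip, verdict))
    return results

# Constructed sample traffic (documentation addresses, not from the thread).
ATTACKER, USER = "203.0.113.7", "198.51.100.20"
SAMPLE = [(t, ATTACKER) for t in range(0, 101, 5)]   # one attempt every 5 s
SAMPLE += [(170, ATTACKER)]                          # returns after a quiet spell
SAMPLE += [(0, USER), (30, USER), (90, USER)]        # ordinary admin logins

def verdicts_for(ip, events=SAMPLE):
    """Verdicts for one source address, in time order."""
    return [v for _, src, v in simulate(events) if src == ip]

if __name__ == "__main__":
    for row in simulate(SAMPLE):
        print(*row)
```

In this model a source that keeps connecting stays dropped because its dropped attempts are still recorded, and it is admitted again only after its attempts in the last 60 seconds fall below the hit count.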