Re: Banning SSH attackers

From: calvin (buzzedlightyear_at_gmail.com)
Date: 10/22/05

  • Next message: Camron W. Fox: "Re: Banning SSH attackers"
    To: Paul Berube <stazz@shaw.ca>, secureshell@securityfocus.com
    Date: Fri, 21 Oct 2005 23:42:23 -0700
    
    
    

    check into iptables. assuming that you're on a linux or unix box. man
    iptables. using iptables you can limit attempts or so many connections
    from a single IP. after so many attempts and connections, it won't allow
    any more connections or attempts for a specified amount of time.

    both the rules following will limit to 5 connections every minute on
    port 22, dropping every attempt after that. every connection is

    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set

    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

    so after bruteforce attack, after the 4th attempt within a minute the
    connections will be dropped. you can modify the numbers and rules. also
    use google for iptables and ssh securing.
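
The effect of the two rules above on a single source address can be explored with a small model. This is an added example, not part of the original post; it assumes the simplified semantics of the recent match stated in its comments, includes --rcheck for contrast, and the names simulate, first_drop and the sample traffic are illustrative.

```python
# Added example: simplified model of the iptables "recent" match for one
# source IP. Assumptions: --set always records a timestamp; --update matches
# when at least HITCOUNT timestamps lie within the last SECONDS and records a
# new timestamp only when it matches; --rcheck matches the same way but never
# records. The kernel's per-address timestamp cap is not modelled.
SECONDS = 60    # --seconds 60
HITCOUNT = 5    # --hitcount 5


def simulate(arrivals, update_first=True, refresh_on_drop=True):
    """Return 'ACCEPT' or 'DROP' for each NEW connection time in `arrivals`.

    update_first=True: the DROP rule sits above the --set rule, the order
    that two successive `iptables -I INPUT` commands produce.
    refresh_on_drop=False models --rcheck in place of --update.
    """
    stamps, verdicts = [], []
    for now in arrivals:
        if not update_first:
            stamps.append(now)              # --set rule evaluated first
        hits = sum(1 for t in stamps if now - t <= SECONDS)
        if hits >= HITCOUNT:
            if refresh_on_drop:
                stamps.append(now)          # --update restarts the window
            verdicts.append("DROP")
            continue                        # dropped: later rules never run
        if update_first:
            stamps.append(now)              # --set rule evaluated second
        verdicts.append("ACCEPT")
    return verdicts


def first_drop(verdicts):
    """1-based index of the first dropped attempt, or None if none dropped."""
    return verdicts.index("DROP") + 1 if "DROP" in verdicts else None


# Constructed sample traffic (seconds since the first attempt).
BURST = list(range(8))                   # 8 attempts, one per second
SLOW_GUESSER = list(range(0, 301, 10))   # one attempt every 10 s for 5 min
NORMAL_USER = list(range(0, 301, 20))    # one login every 20 s

if __name__ == "__main__":
    print("burst, DROP rule first :", first_drop(simulate(BURST)))
    print("burst, --set rule first:", first_drop(simulate(BURST, update_first=False)))
    print("slow guesser, --update :", simulate(SLOW_GUESSER).count("ACCEPT"))
    print("slow guesser, --rcheck :",
          simulate(SLOW_GUESSER, refresh_on_drop=False).count("ACCEPT"))
    print("normal user dropped    :", first_drop(simulate(NORMAL_USER)))
```

In this model the rule order decides which attempt is the first to be dropped, and --update keeps a source blocked for as long as it keeps trying, while --rcheck lets it back in once old timestamps age out.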

    
    


