Preventing brute force ssh attacks

Posted Oct 25, 2007 2:28 UTC (Thu) by bferrell (subscriber, #624)
Parent article: Preventing brute force ssh attacks

I found this set of iptables rules in an article somewhere (sorry, I don't remember where)
that sure takes the wind out of the brute force types.

# Rule 1: record every new connection to port 22 in the recent list named "SSH"
# (no target, so the packet falls through to the next rule)
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# Rule 2: drop it if this source has now hit port 22 six or more times within 60 s;
# --rttl additionally requires the packet's TTL to match the one stored for the entry
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name SSH -j DROP

Preventing brute force ssh attacks

Posted Oct 25, 2007 2:29 UTC (Thu) by bferrell (subscriber, #624)

Oops, they're in the offsite article.

Preventing brute force ssh attacks

Posted Oct 25, 2007 8:09 UTC (Thu) by jordanb (guest, #45668)

This has worked very well for me for a long time. The only problem is if you type your
password wrong a few times you can trigger the block, but at least it expires after a minute
of no connection attempts, so you just have to wait a while.
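
Added example (not part of the LWN thread, and not code from any of the commenters): a small Python model of what the two "-m recent" rules in the first comment do, so the hitcount/seconds arithmetic and the lock-out and expiry that jordanb describes can be checked on constructed traffic rather than on a live box. It models the xt_recent list as a per-address ring of the last 20 seen-times (the module's default per-address limit), with --set recording a hit and --update matching when at least six hits fall within the last 60 seconds and recording another hit on a match. Assumptions, all added here: the --rttl TTL comparison is not modelled (every packet is taken to carry the TTL stored for its entry); the optional "allowlist" models an explicit ACCEPT rule for trusted sources placed before the two recent rules, which the posted rules do not include; and the addresses are RFC 5737 documentation ranges, not real hosts.

```python
# Added example: model of the two "-m recent" iptables rules from the thread.
# Not taken from the original post; assumptions are marked in the comments.
from typing import Dict, List, Tuple

SECONDS = 60      # --seconds 60
HITCOUNT = 6      # --hitcount 6
MAX_STAMPS = 20   # xt_recent keeps this many timestamps per address (ip_pkt_list_tot default)


class RecentList:
    """One named xt_recent list, e.g. --name SSH (--rttl not modelled: assumption)."""

    def __init__(self) -> None:
        self.stamps: Dict[str, List[float]] = {}

    def _stamp(self, src: str, now: float) -> None:
        ring = self.stamps.setdefault(src, [])
        ring.append(now)
        if len(ring) > MAX_STAMPS:      # the oldest timestamp is overwritten
            ring.pop(0)

    def set(self, src: str, now: float) -> None:
        """--set: add the address (or refresh it) and record one hit."""
        self._stamp(src, now)

    def update(self, src: str, now: float, seconds: int, hitcount: int) -> bool:
        """--update --seconds S --hitcount H: match if the address is listed with
        at least H hits no older than S seconds. A match records another hit,
        which is why a blocked source stays blocked for as long as it keeps trying."""
        ring = self.stamps.get(src)
        if ring is None:
            return False
        hits = sum(1 for t in ring if now - t <= seconds)
        if hits >= hitcount:
            self._stamp(src, now)
            return True
        return False


def filter_new_ssh_syn(src: str, now: float, recent: RecentList,
                       allowlist: Tuple[str, ...] = ()) -> str:
    """Run one new TCP connection to port 22 through the chain.

    `allowlist` models an ACCEPT rule for trusted sources placed *before* the two
    recent rules (an addition assumed here, not part of the posted rules). The
    posted rules never accept anything themselves: "ACCEPT" below means the packet
    fell through to whatever rule or policy follows them.
    """
    if src in allowlist:
        return "ACCEPT"
    recent.set(src, now)                                   # rule 1: --set
    if recent.update(src, now, SECONDS, HITCOUNT):         # rule 2: --update ... -j DROP
        return "DROP"
    return "ACCEPT"


def simulate(events: List[Tuple[str, float]],
             allowlist: Tuple[str, ...] = ()) -> List[Tuple[str, float, str]]:
    """Feed (source, time-in-seconds) connection attempts through the chain in time order."""
    recent = RecentList()
    return [(src, t, filter_new_ssh_syn(src, t, recent, allowlist))
            for src, t in sorted(events, key=lambda e: e[1])]


def verdicts(results: List[Tuple[str, float, str]], src: str) -> List[str]:
    """Verdicts for one source, in time order."""
    return [v for s, _, v in results if s == src]


# Constructed traffic (RFC 5737 documentation addresses, not real hosts).
ATTACKER = "203.0.113.5"
ADMIN = "198.51.100.7"
EVENTS = (
    [(ATTACKER, t) for t in range(0, 45, 5)]   # one guess every 5 s from t=0 to t=40
    + [(ATTACKER, 101)]                        # one more after 61 s of silence
    + [(ADMIN, 3), (ADMIN, 20), (ADMIN, 50)]   # three logins in the same minute
)

if __name__ == "__main__":
    for src, t, verdict in simulate(EVENTS):
        print(f"t={t:5.0f}s  {src:14}  {verdict}")
```

Running it shows the attacker's first five attempts falling through, the sixth and every later one within the window dropped, and the attempt 61 seconds after the last one accepted again, since no stamp is younger than 60 seconds at that point. Three points a practitioner checking this on a real host would want: the two rules only ever DROP, so an ACCEPT for port 22 (or a default-accept policy) must still follow them; --hitcount cannot exceed the module's per-address timestamp limit (ip_pkt_list_tot, 20 by default), or the rule is refused; and the current list contents, with timestamps, can be read from /proc/net/xt_recent/SSH. On current kernels `-m conntrack --ctstate NEW` is the preferred spelling of `-m state --state NEW`, but the posted form still works.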

Preventing brute force ssh attacks

Posted Oct 25, 2007 8:47 UTC (Thu) by madhatter (subscriber, #4665)

I wrote a slightly more detailed article on this that some may find useful, at
http://www.teaparty.net/technotes/ssh-rate-limiting.html

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds