On 06/29/2017 06:10 PM, jdow wrote:
A rule like this makes cracking your 123456 password a whole lot harder
without changing anything else.
iptables -t filter -A IN_public_deny -p tcp --dport pop3s --syn -m
recent --name pop3s_attack --rcheck --seconds 90 --hitcount 2 -j LOG
--log-prefix 'SSH2 REJECT: ' --log-level info
The magic is in "-m recent --rcheck --seconds 90 --hitcount 2". That
means any given site gets one chance to login before facing a 90 second
blockage. If they have to guess "AZBYCXDW" as a password you can imagine
how long you have to catch him in your log and explicitly block his
whole subnet.
Yes, the rule I have is similar to that, but I use Firewall Builder to
generate the rules.
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m hashlimit
--hashlimit 1/minute --hashlimit-mode srcip --hashlimit-name ssh
--hashlimit-htable-size 512 -j ACCEPT
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
