Re: sshd: Authentication Failures: 137 Time(s)

You could also try using tcpwrappers along with iptables.


On 04/04/2011 06:34 AM, Marian Marinov wrote:
> On Monday 04 April 2011 12:18:43 Rainer Traut wrote:
>> Hi,
>>
>> to prevent scripted dictionary attacks to sshd
>> I applied those iptables rules:
>>
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource
>>
>> And this is part of logwatch:
>>
>> sshd:
>>      Authentication Failures:
>>         unknown (www.telkom.co.ke): 137 Time(s)
>>         unknown (mkongwe.jambo.co.ke): 130 Time(s)
>>         unknown (212.49.70.24): 107 Time(s)
>>         root (195.191.250.101): 8 Time(s)
>>
>> How is it possible for an attacker to try to log on more than 4 times?
>> Can the attacker do this with only one TCP/IP connection without
>> establishing a new one?
>> Or have the scripts been adapted to this?
> 
> The attackers are not trying constantly, just a few bursts of tries.
> 
> Look at denyhosts ( http://denyhosts.sourceforge.net/ ). 
> I also have a tool for protecting from brute force attacks called Hawk ( 
> https://github.com/hackman/Hawk-IDS-IPS ).
> 
> Marian
>>
>> Thx
>> Rainer
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
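
Added example, not part of the original thread or of any tool named in it: the iptables rules quoted above count NEW connections, while logwatch counts authentication failures, so this sketch reads sshd log lines, reports failures against distinct sshd PIDs (one child per connection) for each source, and formats tcpwrappers entries for sources over a threshold. The log lines, addresses, function names and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in /var/log/secure style (documentation addresses,
# not taken from the thread).
SAMPLE_LOG = """\
Apr  4 06:12:01 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Apr  4 06:12:03 host sshd[2101]: Failed password for invalid user test from 192.0.2.10 port 40112 ssh2
Apr  4 06:12:05 host sshd[2101]: Failed password for invalid user guest from 192.0.2.10 port 40112 ssh2
Apr  4 06:12:40 host sshd[2107]: Failed password for root from 192.0.2.10 port 40150 ssh2
Apr  4 06:12:42 host sshd[2107]: Failed password for root from 192.0.2.10 port 40150 ssh2
Apr  4 06:12:44 host sshd[2107]: Failed password for root from 192.0.2.10 port 40150 ssh2
Apr  4 06:20:10 host sshd[2110]: Failed password for root from 198.51.100.7 port 51500 ssh2
Apr  4 06:25:00 host sshd[2115]: Accepted password for alice from 203.0.113.5 port 50000 ssh2
"""

FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def summarize(log_text):
    """Return {source: {"failures": n, "connections": m}}.

    Each accepted TCP connection is served by its own sshd child, so the
    number of distinct PIDs approximates the number of connections (PIDs
    can be reused on a long-running host, so treat it as an estimate).
    """
    failures = defaultdict(int)
    pids = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        failures[m["src"]] += 1
        pids[m["src"]].add(m["pid"])
    return {s: {"failures": failures[s], "connections": len(pids[s])}
            for s in failures}

def hosts_deny_lines(summary, threshold=5):
    """Format /etc/hosts.deny entries for sources at or above the threshold."""
    return [f"sshd: {src}" for src, c in sorted(summary.items())
            if c["failures"] >= threshold]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src, c in sorted(stats.items()):
        print(f"{src}: {c['failures']} failures over {c['connections']} connection(s)")
    print("\n".join(hosts_deny_lines(stats)))
```

In the constructed sample, 192.0.2.10 produces six failures over only two connections, which is below the hit count of 4 in the quoted rule.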

