Re: sshd: Authentication Failures: 137 Time(s)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 


> Hi,
> 
> to prevent scripted dictionary attacks to
sshd
> I applied those iptables rules:
> 
> -A
INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
>
--update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
>
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set
> --name SSH --rsource

What I have done to totally thwart
script-kiddy attacks against SSH is to 

1) Move sshd to another
port, one higher than 5000
2) configure SSH for RSA-KEY
authentication ONLY IE no PAM auth
3) Set up Fail2Ban to auto
ip-table block ANY offending IPs after 5 tries.

Script kiddies
assume ssh is on port 22, and mosr posr scans don't go as high as 5000.

Since I implement this strategy a month ago, I have seen ZERO
attempts against SSH

>
_______________________________________________
> CentOS mailing
list
> CentOS@xxxxxxxxxx
>
http://lists.centos.org/mailman/listinfo/centos
>

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux