Re: [WTA] Automatically blocking on failed login




> Hello All,
> I had problems with the security server, the server is frequently attacked
> using brute-force attacks. Is there an application that can perform automatic
> blocking when there are failed logins to the smtp port, pop3 port, and
> others?
>
> I am currently using CentOS 5.5 on some servers
> Thanks in advance.

This is very simple and works great.  Have done it on about 5 servers now.

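# Record every new connection to port 22 in the "SSH" recent list
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --set --name SSH

# Log when the same source (same TTL, --rttl) reaches 3 new connections
# within 60 seconds
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG \
    --log-prefix 'SSH attack: '

# Drop the same connections that the previous rule logged
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP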

http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

Matt
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
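
Added example, not part of the original message: the LOG rule above tags matching packets with the prefix 'SSH attack: ', so the kernel log can be summarised per source address and destination port. The sample lines are constructed and abbreviated (documentation address ranges), and the traditional syslog layout with "kernel:" as the fifth field is an assumption.

```sh
#!/bin/sh
# Summarise packets logged by the rule with --log-prefix 'SSH attack: '.
# Netfilter LOG lines carry KEY=VALUE fields (SRC=, DPT=, ...) after the prefix.
PREFIX='SSH attack: '

# Constructed sample log (documentation address ranges, not real traffic).
# The sshd line is a constructed entry whose free text imitates the prefix.
sample_log() {
cat <<'EOF'
Jan 10 03:14:07 host1 kernel: SSH attack: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Jan 10 03:14:09 host1 kernel: SSH attack: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40118 DPT=22 SYN URGP=0
Jan 10 03:14:30 host1 kernel: SSH attack: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=47 PROTO=TCP SPT=51900 DPT=22 SYN URGP=0
Jan 10 03:14:41 host1 kernel: SSH attack: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40125 DPT=22 SYN URGP=0
Jan 10 03:15:02 host1 sshd[2211]: Invalid user kernel: SSH attack: SRC=192.0.2.99 DPT=22 from 203.0.113.7
Jan 10 03:15:10 host1 kernel: eth0: link up
EOF
}

# summarise_blocked: read syslog text on stdin and print one line per
# "count source-address destination-port", highest count first.
summarise_blocked() {
    awk -v prefix="$PREFIX" '
        # Only trust lines written by the kernel; other daemons may log
        # remote-supplied text that merely looks like our prefix.
        $5 != "kernel:" { next }
        index($0, prefix) == 0 { next }
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") hits[src " " dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host feed the kernel log instead.
sample_log | summarise_blocked
```

On a real server the function reads whichever file syslog writes kernel messages to, for example `summarise_blocked < /var/log/messages`.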

