-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
use sshd_config to do the most here for you, set this;
PasswordGuesses 1
That will slow auto scripts and kiddies down. The default here is 3. you might also, since sshd is tcpd capable, restrict sshd to only allow logings from specific addresses and users, and tcpd logs this all nicely for one as well.
Thanks,
Ron DuFresne
On Fri, 6 May 2005, Brent Clark wrote:
Hi All
One one of my hosted boxes, my logwatch scripts continuously pipe out my ssh and auth log of unsuccessful dictionary attacks
I came across this link : http://blog.andrew.net.au/2005/02/17/
And seen that it would help me slow (in hope) that malious person done.
Would anyone care to comment / share tips etc on what I have below
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
iptables -A SSH_WHITELIST -s $MYIPADDRESS -m recent --remove --name SSH -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH BRUTE"
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
Kind Regards Brent Clark
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCe8Wnst+vzJSwZikRAjNyAKDG4YSEHKO3TG0PbrKS7apsUMoM8wCfeyHo vRw5TCVAqSLN9CZSzbAT3Hs= =ylIV -----END PGP SIGNATURE-----
