Re: SSH Brute force attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Łukasz Hejnak wrote:
Charlie Brady wrote:
Stick with one "-m recent".
try this:
iptables -A SSH_Brute_Force -m recent --name SSH ! --update --seconds 60
 --hitcount 4 -j RETURN

ok, now I got it.. I mindlessly copied the set Taylor Grant sent to the list, and didn't think enough about it. Now I found the missing piece, the packets going in wheren't marked with --name SSH, so here's why the above didn't work, now it works :]
Thanks for the help and the patience :)


--
with regards
Łukasz Hejnak


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux