Re: SSH Brute force attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Brent Clark wrote:
Would you be so kind as to copy and paste your ruleset for this.
No problem, here's my variation, based on Taylor Grant's ruleset

$ipt -N SSH_Brute_Force
$ipt -A INPUT -p tcp --dport 22 -m state --state NEW -s ! $MyIP -j SSH_Brute_Force
$ipt -A SSH_Brute_Force -m recent --set --name SSH
$ipt -A SSH_Brute_Force -m recent ! --rcheck --name SSH --seconds 60 --hitcount 3 -j RETURN
$ipt -A SSH_Brute_Force -m recent --name SSH --update
$ipt -A SSH_Brute_Force -j LOG --log-prefix "SSH Brute Force Attempt: "
$ipt -A SSH_Brute_Force -j DROP


I am forced to use DROP here instead of TARPIT as the TARPIT isn't
supported yet for the 2.6.x kernel branch

--
with regards
Łukasz Hejnak


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux