Łukasz Hejnak wrote:
Brent Clark wrote:
Would you be so kind as to copy and paste your ruleset for this.
No problem, here's my variation, based on Taylor Grant's ruleset
$ipt -N SSH_Brute_Force
$ipt -A INPUT -p tcp --dport 22 -m state --state NEW -s ! $MyIP -j SSH_Brute_Force
$ipt -A SSH_Brute_Force -m recent --set --name SSH
$ipt -A SSH_Brute_Force -m recent ! --rcheck --name SSH --seconds 60 --hitcount 3 -j RETURN
$ipt -A SSH_Brute_Force -m recent --name SSH --update
$ipt -A SSH_Brute_Force -j LOG --log-prefix "SSH Brute Force Attempt: "
$ipt -A SSH_Brute_Force -j DROP
I am forced to use DROP here instead of TARPIT, as TARPIT isn't
supported yet for the 2.6.x kernel branch.
Hi Łukasz
Thanks for this.
I managed to get TARPIT in my kernel.
But I decided against using it.
Doesn't TARPIT use / create unnecessary overhead?
Kind Regards
Brent Clark
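
Added example (not part of the original messages): a simplified Python model of how the quoted SSH_Brute_Force chain treats a sequence of new port-22 connections, showing that the third attempt inside 60 seconds is dropped and that retrying while blocked keeps the block alive. The sample addresses and traces are constructed, and the 20-stamp limit per address is assumed to be the recent module's default.

```python
# Simplified model of the SSH_Brute_Force chain quoted above (added example).
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 3   # values from the --rcheck rule on the page
PKT_LIST_TOT = 20           # assumption: default number of stamps kept per address

def run_chain(syns, my_ip=None):
    """syns: time-ordered (time_s, src_ip) pairs for NEW tcp/22 packets.
    Returns a list of (time_s, src_ip, verdict)."""
    recent = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))  # the "SSH" list
    out = []
    for t, src in syns:
        if src == my_ip:                  # -s ! $MyIP: packet never enters the chain
            out.append((t, src, "RETURN"))
            continue
        stamps = recent[src]
        stamps.append(t)                  # --set: always records this packet
        hits = sum(1 for s in stamps if t - s <= SECONDS)
        if hits < HITCOUNT:               # ! --rcheck ... -j RETURN (back to INPUT)
            out.append((t, src, "RETURN"))
            continue
        stamps.append(t)                  # --update: matched entry gets a fresh stamp
        out.append((t, src, "DROP"))      # LOG rule, then DROP
    return out

def verdicts(syns, my_ip=None):
    """Verdicts only, in packet order."""
    return [v for _, _, v in run_chain(syns, my_ip)]

# Constructed sample traffic (documentation addresses, not from the thread).
BURST = [(t, "203.0.113.7") for t in (0, 5, 10, 40, 70, 100)]   # keeps retrying
BACKOFF = [(t, "203.0.113.7") for t in (0, 5, 10, 75)]          # quiet for > 60 s
SLOW = [(t, "198.51.100.9") for t in (0, 45, 90, 135)]          # under 3 per minute

if __name__ == "__main__":
    for name, trace in (("burst", BURST), ("backoff", BACKOFF), ("slow", SLOW)):
        print(name, verdicts(trace))
```

Because `--set` runs before the `--rcheck` test, the packet being evaluated counts toward the hit count, so only two new connections per 60 seconds get through from any address other than `$MyIP`.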