Re: SSH Brute force attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: SSH Brute force attacks
From: Łukasz Hejnak <sziftgroup@xxxxx>
Date: Tue, 17 May 2005 18:06:57 +0200
In-reply-to: <1116336980.24331.28.camel@debianbox>
References: <427B93EE.3030905@eccotours.dyndns.org> <427C4EA3.5090501@riverviewtech.net> <4281FC1A.8090000@eccotours.dyndns.org> <42824D1E.7040508@riverviewtech.net> <4285C016.2060900@wp.pl> <42864CA9.7050802@riverviewtech.net> <428856F8.60706@wp.pl> <Pine.LNX.4.61.0505162103070.3744@e-smith.charlieb.ott.istop.com> <42897A5E.7010401@wp.pl> <42897EE5.90703@wp.pl> <42898402.10507@eccotours.dyndns.org> <4289E72F.7020901@wp.pl> <4289EF97.2060009@eccotours.dyndns.org> <1116336980.24331.28.camel@debianbox>
Sender: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mail/News Client 1.0+ (X11/20050513)

Sadus . wrote:

$ipt -A SSH_Brute_Force -m recent ! --rcheck --name SSH --seconds 60 --hitcount 3 -j RETURN -j RETURN didn't work here. It was blocking all my ssh connections, so i used ACCEPT and its working now.


yes, because most probably by default all packets get dropped at the end
of Your INPUT chain, thus If You wan't to perform any other checks of
the ssh packet You need a -j RETURN, and a -j ACCEPT later,
if not a -j ACCEPT here is ok :)

--
With regards
Łukasz Hejnak

References:
- SSH Brute force attacks
  - From: Brent Clark
- Re: SSH Brute force attacks
  - From: Taylor, Grant
- Re: SSH Brute force attacks
  - From: Brent Clark
- Re: SSH Brute force attacks
  - From: Taylor, Grant
- Re: SSH Brute force attacks
  - From: Łukasz Hejnak
- Re: SSH Brute force attacks
  - From: Taylor, Grant
- Re: SSH Brute force attacks
  - From: Łukasz Hejnak
- Re: SSH Brute force attacks
  - From: Charlie Brady
- Re: SSH Brute force attacks
  - From: Łukasz Hejnak
- Re: SSH Brute force attacks
  - From: Łukasz Hejnak
- Re: SSH Brute force attacks
  - From: Łukasz Hejnak
- Re: SSH Brute force attacks
  - From: Brent Clark
- Re: SSH Brute force attacks
  - From: Sadus .

Prev by Date: Re: Host blocking
Next by Date: Active and Passive FTP
Previous by thread: Re: SSH Brute force attacks
Next by thread: Re: SSH Brute force attacks
Index(es):
- Date
- Thread

[Index of Archives] [Linux Netfilter Development] [Linux Kernel Networking Development] [Netem] [Berkeley Packet Filter] [Linux Kernel Development] [Advanced Routing & Traffice Control] [Bugtraq]