Re: SSH Brute force attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 23 May 2005 11:53:59 -0500
"Taylor, Grant" <gtaylor@xxxxxxxxxxxxxxxxx> wrote:

> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> --name SSH --set --rsource -j SSH_Brute_Force iptables -A

I don't know if this ever came up, maybe I overlooked it but I have a
problem with the anti-brute-force-thing:
My server has this little feature and its IP is X and mine is A.
Here the interresting part: The bad guy Tom. 
To make it short: Tom does 

hping2 --syn --spoof A --destport 22 --fast X

I could put A in my $whitelist but I hing you got the point :)

- -- 
Regards
Sebastian Siewior
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCmP2ZmNVcHP4/RwYRAp8bAJ4jUGbvzgKmNDg6VRbFY+XvY7I8ZgCfTKMP
OyUVGfuLJnVHSsa685TtmPY=
=1oFA
-----END PGP SIGNATURE-----


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux