[GRLUG] Limiting SSH brute force attacks with IPTABLES (recent module)...
Godwin
geektoyz at gmail.com
Mon Feb 20 12:15:15 EST 2006
Nothing new, just a different way of handling it. I, for one, have
used the "limit" module before, but the new "recent" way of blocking
bad IPs seems better. Check it (as posted on digg.com):
http://www.debian-administration.org/articles/187
http://www.linux-noob.com/forums/index.php?showtopic=1829
In essence, limit it to 3 attempts per minute:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
cheers,
G-
--
Ubber::Geek
http://grlug.org/
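As an added example (not from the post or from the linked articles), the following Python simulation walks a NEW tcp/22 packet through the three rules in the order the two -I and one -A leave them, using a small model of the kernel's recent list. The model assumes the xt_recent counting rule: --update counts the hits already recorded inside the --seconds window and records the current hit only when it matches, so a host that keeps knocking stays blocked while one that backs off for more than 60 s is admitted again. The IP addresses and timestamps are constructed.

```python
from collections import defaultdict

# Options taken from the rules in the post.
SECONDS = 60    # --seconds 60
HITCOUNT = 4    # --hitcount 4

class RecentList:
    """Minimal model of one xt_recent list: source address -> hit timestamps."""
    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        # --set: record a hit for this source (creates the entry if needed).
        self.stamps[src].append(now)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds N --hitcount H: match only if the source already has
        # at least H hits no older than N seconds (assumed xt_recent semantics);
        # on a match, record this hit too, which keeps a persistent client blocked.
        if src not in self.stamps:
            return False
        recent = [t for t in self.stamps[src] if now - t <= seconds]
        if len(recent) < hitcount:
            return False
        self.stamps[src].append(now)
        return True

def ssh_chain(recent, src, now):
    """Verdict for one NEW tcp/22 packet, rules evaluated in their final chain order."""
    # Rule 1 (inserted last, so checked first): DROP if already over the threshold.
    if recent.update(src, now, SECONDS, HITCOUNT):
        return "DROP"
    # Rule 2: note this attempt, then fall through.
    recent.set(src, now)
    # Rule 3: plain ACCEPT for port 22.
    return "ACCEPT"

def simulate(attempts):
    """attempts: list of (time_in_seconds, source_ip); returns one verdict per attempt."""
    recent = RecentList()
    return [ssh_chain(recent, src, t) for t, src in attempts]

if __name__ == "__main__":
    # Constructed sample: one host hammering sshd every 10 s, a second host connecting
    # once, then the first host trying again after more than 60 s of silence.
    attempts = [(0, "198.51.100.7"), (10, "198.51.100.7"), (20, "198.51.100.7"),
                (30, "198.51.100.7"), (40, "198.51.100.7"), (50, "198.51.100.7"),
                (55, "203.0.113.9"), (115, "198.51.100.7")]
    for (t, src), verdict in zip(attempts, simulate(attempts)):
        print(f"t={t:3d}s {src:14s} {verdict}")
```

Running it shows where the threshold actually falls for a given hitcount, and that a blocked host which keeps retrying within the window never gets out of the list while it does so.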