[GRLUG] Limiting SSH brute force attacks with IPTABLES (recent module)...

Godwin geektoyz at gmail.com
Mon Feb 20 12:15:15 EST 2006


Nothing new, just a different way of handling it.  I, for one, have
used the "limit" module before, but the new "recent" way of blocking
bad IPs seems better.  Check it (as posted on digg.com):

http://www.debian-administration.org/articles/187
http://www.linux-noob.com/forums/index.php?showtopic=1829

In essence, limit it to 3 attempts per minute:

# record every NEW connection to tcp/22 from a source in the "recent" list
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set
# drop a source that already has 4 recorded hits within the last 60 seconds
# (both lines use -I, so this rule lands above the --set rule in the chain)
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
# anything to tcp/22 not dropped above is accepted
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT


cheers,
G-


--

Ubber::Geek
http://grlug.org/
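As an added example (not part of Godwin's post or the linked articles), the following Python models what `-m recent --set` and `-m recent --update --seconds 60 --hitcount 4` do to a stream of NEW connections to tcp/22, following the xt_recent semantics as I understand them from the kernel module: the match counts only timestamps already recorded for the source, `--set` always records one, and `--update` records another on every match while `--rcheck` does not. It runs the same constructed arrivals through both rule orders (the two `-I` inserts put the DROP rule above the `--set` rule; appending with `-A` keeps the written order), so the count of accepted attempts and the lockout behaviour for a source that keeps retrying can be seen without touching a live firewall. `RecentTable`, `simulate`, `attempts` and the sample address are assumptions of this example.

```python
"""Simulation of the netfilter 'recent' match as used in the SSH rules above.

Added example, not the original post's code. It follows the xt_recent semantics
as understood from the kernel module (assumption): --set records a hit for the
source; --update/--rcheck match when the source already has >= hitcount hits
within the last `seconds`; --update also records the matching packet as a hit.
"""

MAX_STAMPS = 20  # hits kept per address; xt_recent's ip_pkt_list_tot default (assumption)


class RecentTable:
    """One named list: source address -> recorded hit timestamps (seconds)."""

    def __init__(self):
        self.entries = {}

    def _record(self, stamps, now):
        stamps.append(now)
        del stamps[:-MAX_STAMPS]  # keep only the newest MAX_STAMPS hits

    def set(self, ip, now):
        """'--set': add the address if missing, record a hit, always match."""
        self._record(self.entries.setdefault(ip, []), now)
        return True

    def check(self, ip, now, seconds, hitcount, refresh):
        """'--rcheck' (refresh=False) or '--update' (refresh=True).

        Matches when the address already has >= hitcount hits in the last
        `seconds`. --update additionally records this packet as a hit, which
        is what keeps a source that never stops retrying blocked.
        """
        stamps = self.entries.get(ip)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits < hitcount:
            return False
        if refresh:
            self._record(stamps, now)
        return True


def simulate(arrivals, order="update_first", refresh=True, seconds=60, hitcount=4):
    """Run NEW tcp/22 arrivals [(time, ip), ...] through the post's three rules.

    order="update_first": what the two '-I INPUT' lines actually produce, since
    each insert lands at the top and the DROP rule ends up above --set.
    order="set_first": the same rules appended with -A in the order written.
    Returns one verdict per packet.
    """
    table = RecentTable()
    verdicts = []
    for now, ip in arrivals:
        if order == "update_first":
            if table.check(ip, now, seconds, hitcount, refresh):
                verdicts.append("DROP")
                continue
            table.set(ip, now)
        elif order == "set_first":
            table.set(ip, now)
            if table.check(ip, now, seconds, hitcount, refresh):
                verdicts.append("DROP")
                continue
        else:
            raise ValueError(order)
        verdicts.append("ACCEPT")  # the final '-A INPUT ... --dport 22 -j ACCEPT'
    return verdicts


def attempts(ip, count, gap):
    """Constructed input: `count` NEW connections from `ip`, `gap` seconds apart."""
    return [(i * gap, ip) for i in range(count)]


SRC = "203.0.113.9"  # constructed sample address from TEST-NET-3

if __name__ == "__main__":
    print("burst, rules as inserted with -I :", simulate(attempts(SRC, 6, 5)))
    print("burst, same rules appended with -A:", simulate(attempts(SRC, 6, 5), order="set_first"))
    print("retry every 10 s, --update        :", simulate(attempts(SRC, 13, 10)))
    print("retry every 10 s, --rcheck        :", simulate(attempts(SRC, 13, 10), refresh=False))
    print("one attempt every 20 s            :", simulate(attempts(SRC, 7, 20)))
```

Two things worth noticing in the output: with the DROP rule above `--set` the fourth attempt in a minute is still accepted and the fifth is dropped, whereas with `--set` evaluated first the fourth is dropped; and because `--update` refreshes the timestamp on every match, a source that keeps retrying every 10 seconds stays blocked indefinitely, while `--rcheck` would let it back in once the original hits age out of the 60 second window. A legitimate user who has tripped the limit therefore has to stop connecting for a full minute before being let in again.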

