[GRLUG] Limiting SSH brute force attacks with IPTABLES (recent module)...

Collin adderd at kkmfg.com
Mon Feb 20 14:12:28 EST 2006


> Excellent.  Thanks, Collin.  This is the sort of answer for which I was
> hoping.  My logs show similar attempts (real names, "Admin", et cetera).
> I do not have any "real" names as accounts and the passwords are not
> dictionary words (well...some are but they are 0bFusc4t3d).  It makes
> sense that adding all the IPs to /etc/hosts.deny is overkill.  I wonder
> how many of the IPs are static.  I suspect many are not, so denying them
> serves no real purpose other than having a hosts.deny weigh in at 100k 
> after a few months. :-)
>
> Thanks again.
>   


As a side note, I even have password-based logins disabled for SSH so 
they can go ahead and try all of the passwords they want! ;-) I could 
even GIVE the script kiddie my password; it wouldn't do them any good. 
(Not that it would be bright... You never know if you accidentally left 
some service running or otherwise did something to provide an 
opportunity). For my SSH I use all public key challenge/response. That's 
quite hard for a hacker to break into. I keep my key encrypted with a 
pass phrase, in a secured volume encrypted with 256-bit AES on a 
pendrive. If a hacker can manage to get all of that out of me then I 
must have been kidnapped and tortured. In that case they can have my 
data, I'll talk!

