Tuts4Tech » wordlist http://tuts4tech.net Tech Tutorials Tue, 04 May 2010 20:35:37 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 Stopping SSH brute force attacks using iptables http://tuts4tech.net/2009/04/09/stopping-ssh-brute-force-attacks-using-iptables/ http://tuts4tech.net/2009/04/09/stopping-ssh-brute-force-attacks-using-iptables/#comments Thu, 09 Apr 2009 11:08:52 +0000 Duffy http://duffys-place.co.cc/?p=130 If your running a SSH server on the default port(22) you've probably noticed a lot of failed login attempts cause due to brute force attacks

Adding the following to your IP tables will only allow 3 connections at once from any IP if it goes above 3 then that IP is locked out for 3minutes. At this stage the bot running the attack will either give up as its getting no reply from the SSH server or it will keep trying until it finishes its wordlist

iptables -I INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource

iptables -I INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
]]> http://tuts4tech.net/2009/04/09/stopping-ssh-brute-force-attacks-using-iptables/feed/ 0