On Oct 27, 2006, at 4:52 PM, Chris Carey wrote:
On 10/27/06, Kyle Waters <[EMAIL PROTECTED]> wrote:
Someone suggested moving the ssh port to a different port, I think this
is an excellent suggestion. You may also want to consider setting
a rate limit using iptables so that it is more difficult for someone to
use a brute force attack. If you do set up rate limiting your users
will not have to make any changes on their end.
Good idea. Could someone please post a sample iptables rate-limit for
brute force attempts? I may get around to writing my own tonight
unless someone has already done the homework. I guess one would need a
rule that triggers on too many SYN per second to the SSH port? I
wouldn't want the rule to trigger on an already established connection.
We can't have it simply look for packets-per-second.
# -I inserts at the top of the chain, so the second command ends up
# evaluated first: the --update/DROP check runs before --set records the hit.
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
Anything that hits port 22 more than 4 times within 60 seconds gets
blocked. Change the numbers to suit your situation.
-Blake
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
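A small model of what those two rules do per source address, added here as an illustration; it is not code from Blake's mail or from the iptables project. It assumes the xt_recent behaviour that --update counts the stamps already inside the window before recording the current packet, and the addresses and timestamps are constructed.

```python
"""Model of the two-rule `recent` SSH rate limit from the thread.

Rules are evaluated in the order -I leaves them: the --update/DROP rule
first, then --set. Only NEW packets to port 22 are considered; an
ESTABLISHED session is never touched by either rule.
"""
from collections import defaultdict

SECONDS = 60   # --seconds 60
HITCOUNT = 4   # --hitcount 4


class RecentTable:
    """Per-source list of timestamps, like one xt_recent table."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        """--set: record this packet's time for the source."""
        self.stamps[src].append(now)

    def update_hits(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match when the source already
        has >= N stamps inside the window; a match also records the current
        packet, so continued hammering keeps the block alive."""
        if src not in self.stamps:
            return False
        recent = [t for t in self.stamps[src] if now - t < seconds]
        if len(recent) >= hitcount:
            self.stamps[src].append(now)
            return True
        return False


def filter_ssh_packets(packets, seconds=SECONDS, hitcount=HITCOUNT):
    """packets: (timestamp_seconds, src_ip, conntrack_state). Returns verdicts."""
    table = RecentTable()
    verdicts = []
    for now, src, state in packets:
        if state != "NEW":
            verdicts.append("ACCEPT")          # neither rule matches
        elif table.update_hits(src, now, seconds, hitcount):
            verdicts.append("DROP")            # 5th+ attempt inside 60 s
        else:
            table.set(src, now)
            verdicts.append("ACCEPT")
    return verdicts


# Constructed trace: one host hammering port 22, one normal client.
SAMPLE = [
    (0, "203.0.113.5", "NEW"), (5, "203.0.113.5", "NEW"),
    (10, "203.0.113.5", "NEW"), (15, "203.0.113.5", "NEW"),
    (20, "203.0.113.5", "NEW"),           # 5th in 60 s -> DROP
    (22, "203.0.113.5", "ESTABLISHED"),   # existing session unaffected
    (25, "198.51.100.7", "NEW"),          # other host has its own counter
    (50, "203.0.113.5", "NEW"),           # still hammering -> DROP, stamp refreshed
    (115, "203.0.113.5", "NEW"),          # 65 s of silence -> window empty -> ACCEPT
]
```

The last entry shows the block is a sliding window, not a ban: a source that stops for 60 seconds is admitted again.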