Re: SSH hack attempts - bad?
Blake B.
shadoi at nanovoid.com
Wed Apr 12 09:10:01 MDT 2006
On Apr 12, 2006, at 7:22 AM, Chris Carey wrote:
> If you want a very nice dynamic port blocker , try Port Scan Attack
> Detector (PSAD) http://www.cipherdyne.com/psad/
>
> Though, you could spend your whole life fighting this losing battle.
> My opinion is to set your security in place, and forget about it.
I agree with that completely. But I like simplicity. I just use
rate-limiting; I get maybe 2 or 3 attempts at SSH on port 22 a day.
With this method they give up very quickly.
# Inserted first, so it ends up second in the chain: record the source address
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# Inserted second, so it ends up first: drop if the address already has 4 hits in 60s
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
Anything that hits port 22 more than 4 times within 60 seconds gets
blocked. This is obviously vulnerable to throttling the attacks, but
it's always automated, and they're usually only interested in the low-
hanging fruit.
-Blake
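To see exactly what those two rules do (and where the throttling caveat bites), here is an added simulation of the `recent` match semantics as the chain ends up after both `-I` inserts. This is example code written for this page, not something from the original post; the source address is a constructed documentation-range IP, it assumes the default xt_recent list depth of 20 timestamps per address, and it assumes a later rule accepts port 22 (the post does not show one).

```python
"""Simulate the two-rule iptables `recent` SSH limiter from the post above.

Chain order after both `-I INPUT` commands:
  1. --update --seconds 60 --hitcount 4 -j DROP
  2. --set                          (no target, packet continues)
Every new connection therefore adds exactly one timestamp for its source
address: via --update when it is dropped, via --set when it is let through.
"""

WINDOW = 60       # --seconds 60
HITCOUNT = 4      # --hitcount 4
LIST_TOT = 20     # assumed xt_recent ip_pkt_list_tot default: stamps kept per address


class RecentTable:
    """Per-address ring buffer of timestamps, like /proc/net/xt_recent/DEFAULT."""

    def __init__(self):
        self.stamps = {}   # address -> list of timestamps (seconds)

    def _touch(self, addr, now):
        s = self.stamps.setdefault(addr, [])
        s.append(now)
        del s[:-LIST_TOT]   # keep only the newest LIST_TOT entries

    def update_matches(self, addr, now):
        """--update: match if addr has >= HITCOUNT stamps inside WINDOW.
        xt_recent refreshes the entry only when the match succeeds, which is
        why a dropped attempt still extends the block."""
        s = self.stamps.get(addr)
        if s is None:
            return False
        hits = sum(1 for t in s if t >= now - WINDOW)
        if hits >= HITCOUNT:
            self._touch(addr, now)
            return True
        return False

    def set_(self, addr, now):
        """--set: add or refresh the address, then fall through."""
        self._touch(addr, now)


def new_ssh_connection(table, addr, now):
    """Walk the chain for one NEW packet to port 22; returns 'DROP' or 'ACCEPT'."""
    if table.update_matches(addr, now):
        return "DROP"
    table.set_(addr, now)
    return "ACCEPT"   # assumes a later ACCEPT rule for port 22 (not in the post)


def simulate(attempt_times, addr="198.51.100.7"):
    """Verdict for each attempt, given attempt times in seconds (constructed input)."""
    table = RecentTable()
    return [new_ssh_connection(table, addr, t) for t in attempt_times]


def blocked_at_interval(interval, attempts=10):
    """Does an attacker pacing attempts `interval` seconds apart ever get dropped?"""
    return "DROP" in simulate([i * interval for i in range(attempts)])


if __name__ == "__main__":
    print("burst, 1/s:   ", simulate(range(6)))
    print("paced 20 s:   ", simulate(range(0, 200, 20)))
    print("hammer, pause:", simulate(list(range(10)) + [66, 68]))
    for iv in (15, 16, 20):
        print(f"interval {iv}s blocked? {blocked_at_interval(iv)}")
```

Three things the simulation makes concrete: the fifth attempt inside 60 seconds is the first one dropped (four prior stamps already sit in the window); an attacker who keeps knocking while blocked refreshes their stamps and stays blocked, and the block only lifts once fewer than four stamps remain in the trailing 60 seconds; and because the drop needs four earlier stamps within 60 seconds, pacing attempts more than 15 seconds apart never trips the rule, which is the throttling weakness the post acknowledges.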
More information about the PLUG mailing list