Re: SSH hack attempts - bad?
Bryan Sant
bryan.sant at gmail.com
Wed Apr 12 10:44:09 MDT 2006
On 4/12/06, Blake B. <shadoi at nanovoid.com> wrote:
> I agree with that completely. But I like simplicity. I just use
> rate-limiting, I get maybe 2 or 3 attempts at SSH on port 22 a day.
> With this method they give up very quickly.
>
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
>
> Anything that hits port 22 more than 4 times within 60 seconds gets
> blocked. This is obviously vulnerable to throttling the attacks, but
> it's always automated, and they're usually only interested in the low-
> hanging fruit.
>
> -Blake
Cool. I didn't know you could do this with netfilter. Oh, netfilter,
is there no end to your goodness?
-Bryan
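Added illustration, not part of the thread and not kernel code: a small Python model of the netfilter "recent" match semantics that Blake's two rules rely on (--set records a timestamp for the source; --update --seconds 60 --hitcount 4 matches once the source has four timestamps inside the last 60 seconds, and on a match records one more). The --rcheck comparison, the rule-order note and the three traffic scenarios (addresses from the RFC 5737 documentation range) are constructed here to show what the rules actually do; the model is simplified and ignores --reap and other options.

```python
"""Toy model of netfilter's "recent" match as used in the two rules quoted above.

Added illustration, not kernel code and not from the thread. It models the
documented behaviour of:
  -m recent --set                               record a timestamp for the source
  -m recent --update --seconds S --hitcount N   match when the source already has
        N or more timestamps inside the last S seconds; on a match, record one more
        timestamp (with --rcheck instead of --update, nothing is recorded)
Rule order follows the posted commands: both use -I, so the DROP rule (inserted
last) sits first in INPUT and the --set rule second.
"""
from collections import defaultdict, deque

SECONDS = 60
HITCOUNT = 4
MAX_STAMPS = 20  # ip_pkt_list_tot default: an entry keeps its last 20 timestamps


class RecentTable:
    """One 'recent' list keyed by source address (the --rsource default)."""

    def __init__(self, max_stamps=MAX_STAMPS):
        self.stamps = defaultdict(lambda: deque(maxlen=max_stamps))

    def set(self, src, now):
        """--set: add the address, or refresh it with a fresh timestamp."""
        self.stamps[src].append(now)

    def check(self, src, now, seconds, hitcount, refresh):
        """--update (refresh=True) or --rcheck (refresh=False) with --seconds/--hitcount.
        Returns True when src has >= hitcount stamps newer than now - seconds."""
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t < seconds)
        if hits < hitcount:
            return False
        if refresh:
            self.stamps[src].append(now)  # this is what keeps a hammering host blocked
        return True


def filter_new_ssh(table, src, now, seconds=SECONDS, hitcount=HITCOUNT, refresh_on_match=True):
    """Pass one NEW connection to tcp/22 through the two rules and return the verdict."""
    # Rule 1 (first in the chain): over the threshold -> DROP
    if table.check(src, now, seconds, hitcount, refresh_on_match):
        return "DROP"
    # Rule 2: record the attempt; the packet then continues down INPUT (ACCEPT here)
    table.set(src, now)
    return "ACCEPT"


def run(attempts, seconds=SECONDS, hitcount=HITCOUNT, refresh_on_match=True):
    """attempts: iterable of (time_in_seconds, src_ip); returns verdicts in time order."""
    table = RecentTable()
    return [filter_new_ssh(table, src, t, seconds, hitcount, refresh_on_match)
            for t, src in sorted(attempts)]


# Constructed scenarios (addresses from the RFC 5737 documentation range).
# Six attempts in six seconds: the fifth is the first one over "4 within 60 s".
BURST = [(t, "203.0.113.5") for t in range(6)]
# One attempt every 20 s: never four stamps inside a single 60 s window, so never
# dropped. This is the throttling weakness Blake acknowledges.
THROTTLED = [(t, "203.0.113.6") for t in range(0, 300, 20)]
# A burst, then a retry every 10 s. With --update each dropped retry adds a stamp and
# the block never lapses; with --rcheck the block expires 60 s after the burst.
HAMMER = [(t, "203.0.113.7") for t in [0, 1, 2, 3] + list(range(4, 70, 10))]

if __name__ == "__main__":
    for name, attempts in (("burst", BURST), ("throttled", THROTTLED), ("hammer/--update", HAMMER)):
        print(f"{name:16} {' '.join(v[0] for v in run(attempts))}")
    print(f"{'hammer/--rcheck':16} {' '.join(v[0] for v in run(HAMMER, refresh_on_match=False))}")
```

Two things the model makes visible: the fifth new connection inside 60 s is the first one dropped, not the fourth, because the DROP rule is checked before the attempt is recorded (run the two iptables commands in the opposite order and the --set rule would count the packet first, dropping on the fourth); and --update versus --rcheck decides whether a host that keeps retrying while blocked stays blocked indefinitely or gets a fixed 60 s penalty.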