Re: SSH hack attempts - bad?

Chris Carey chris.carey at gmail.com
Wed Apr 12 10:51:51 MDT 2006


On 4/12/06, Blake B. <shadoi at nanovoid.com> wrote:
>
> I agree with that completely.  But I like simplicity.  I just use
> rate-limiting, I get maybe 2 or 3 attempts at SSH on port 22 a day.
> With this method they give up very quickly.
>
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW \
>   -m recent --set
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW \
>   -m recent --update --seconds 60 --hitcount 4 -j DROP
>
> Anything that hits port 22 more than 4 times within 60 seconds gets
> blocked.  This is obviously vulnerable to throttling the attacks, but
> it's always automated, and they're usually only interested in the low-
> hanging fruit.
>
> -Blake


This is cool.  Is the rate-limiting on port 22 only blocking the IP of
the offending connection? *or* does it block port 22 for *everyone* if
there are too many incoming connections?

Chris
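Added example (editor's note, not code from either poster): a small Python model of how the two quoted rules behave, to make the per-address question above concrete. The `recent` match keeps its list keyed by source address (its default `--rsource` mode), so the DROP only applies to the address that accumulated the hits. Because both commands use `-I INPUT`, the rule typed second (the `--update ... -j DROP` one) ends up above the `--set` rule, which is the ordering modelled here. Assumptions: the kernel's default of keeping 20 timestamps per address, an inclusive 60-second window, and constructed addresses and timings (`10.0.0.5`, `192.0.2.10`) that do not come from the thread.

```python
"""Model of the quoted iptables `recent` rate limit.

Chain order after two `-I INPUT` inserts (second insert lands on top):
  1. -m recent --update --seconds 60 --hitcount 4 -j DROP
  2. -m recent --set                 (no target: record, then continue)
Everything here is a simulation written for this thread, not kernel code.
"""
from collections import deque

# xt_recent keeps this many timestamps per address by default (assumed default).
DEFAULT_PKT_LIST_TOT = 20


class RecentList:
    """Per-source-address list of recent packet timestamps (seconds)."""

    def __init__(self, max_stamps=DEFAULT_PKT_LIST_TOT):
        self.max_stamps = max_stamps
        self.entries = {}  # src address -> deque of timestamps

    def seen(self, src):
        return src in self.entries

    def record(self, src, now):
        """--set, and the refresh half of --update: add a timestamp."""
        self.entries.setdefault(src, deque(maxlen=self.max_stamps)).append(now)

    def hits_within(self, src, now, seconds):
        """Number of stored timestamps for src inside the last `seconds`."""
        return sum(1 for t in self.entries.get(src, ()) if now - t <= seconds)


class SshLimitChain:
    """The two rules from the post, applied to NEW TCP/22 packets only."""

    def __init__(self, seconds=60, hitcount=4):
        self.seconds = seconds
        self.hitcount = hitcount
        self.recent = RecentList()

    def handle_new_syn(self, src, now):
        """Return the verdict ('DROP' or 'ACCEPT') for one new connection."""
        # Rule 1: --update matches only if src is already listed and has
        # >= hitcount hits in the window; on match it refreshes the entry
        # (so hammering while blocked keeps the block alive) and drops.
        if (self.recent.seen(src)
                and self.recent.hits_within(src, now, self.seconds) >= self.hitcount):
            self.recent.record(src, now)
            return "DROP"
        # Rule 2: --set records the hit; the packet continues down INPUT.
        # Assume the rest of the chain accepts it.
        self.recent.record(src, now)
        return "ACCEPT"


def simulate(chain, events):
    """events: iterable of (time_seconds, src). Returns one verdict per event."""
    return [chain.handle_new_syn(src, t) for t, src in events]


if __name__ == "__main__":
    chain = SshLimitChain()
    # Constructed scenario: one source bursts six SYNs in ten seconds
    # while another source connects once in the middle of the burst.
    burst = [(t, "10.0.0.5") for t in (0, 2, 4, 6, 8, 10)]
    print("burst from 10.0.0.5:", simulate(chain, burst))
    print("192.0.2.10 at t=10:  ", chain.handle_new_syn("192.0.2.10", 10))
    print("10.0.0.5 at t=71:    ", chain.handle_new_syn("10.0.0.5", 71))
    # The throttling weakness the poster mentions: one attempt every 20 s
    # never accumulates four hits inside a 60-second window.
    paced = [(t, "10.0.0.5") for t in range(0, 200, 20)]
    print("paced attacker:      ", simulate(SshLimitChain(), paced))
```

Run as a script it prints the verdicts: the fifth and sixth packets of the burst are dropped, the other address is untouched, the blocked address is admitted again once it has been quiet for more than 60 seconds, and an attacker pacing one attempt every 20 seconds is never blocked at all.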


