Successful SSH Attack - Need help cleaning up

Chris Carey chris.carey at gmail.com
Fri Oct 27 17:52:38 MDT 2006


On 10/27/06, Kyle Waters <unum at unum5.org> wrote:
>
> Someone suggested moving the ssh port to a different port, I think this
> is an excellent suggestion.  You may also want to consider setting
> a rate limit using iptables so that it is more difficult for someone to
> use a brute force attack.  If you do set up rate limiting your users
> will not have to make any changes on their end.

Good idea. Could someone please post a sample iptables rate-limit for
brute force attempts? I may get around to writing my own tonight
unless someone has already done the homework. I guess one would need a
rule that triggers on too many SYN per second to the SSH port? I
wouldn't want the rule to trigger on an already established connection.
We can't have it simply look for packets-per-second.
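
An added example, not part of the original post: one way to build the rate limit discussed above with the iptables "recent" match, counting only NEW connections so established sessions are never touched. The chain name SSH_LIMIT, the list name "ssh" and the default port, window and hit count are assumptions to tune per site.

```shell
#!/bin/sh
# Added example: per-source rate limit on NEW connections to sshd.
# Rules are printed for review instead of being applied directly.

# ssh_ratelimit_rules PORT WINDOW HITS
#   Allows HITS new connections per source address within WINDOW seconds;
#   further attempts are dropped and keep the block alive while they continue.
ssh_ratelimit_rules() {
    port="$1"; window="$2"; hits="$3"

    for n in "$port" "$window" "$hits"; do
        case "$n" in
            ''|*[!0-9]*) echo "numeric arguments required" >&2; return 1 ;;
        esac
    done
    # xt_recent remembers 20 packets per address by default
    # (module parameter ip_pkt_list_tot), so a larger hitcount is rejected.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
        echo "hits must be between 1 and 20" >&2
        return 1
    fi

    # Only conntrack state NEW (the opening SYN) enters the limiter, so an
    # already established session is never counted, however busy it is.
    # Note: this counts connections, not failed logins; scripted scp/rsync
    # loops from one address can hit the limit too.
    cat <<EOF
iptables -N SSH_LIMIT
iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_LIMIT
iptables -A SSH_LIMIT -m recent --name ssh --update --seconds $window --hitcount $hits -j DROP
iptables -A SSH_LIMIT -m recent --name ssh --set -j ACCEPT
EOF
}

# Defaults (assumed values): port 22, 4 new connections per 60 seconds.
ssh_ratelimit_rules "${SSH_PORT:-22}" "${WINDOW:-60}" "${HITS:-4}"
```

Review the printed rules, then pipe the output to sh as root to load them; they must sit ahead of any rule that already accepts the SSH port.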


