Successful SSH Attack - Need help cleaning up

Kyle Waters unum at unum5.org
Sat Oct 28 14:19:55 MDT 2006


Chris Carey wrote:

> Good idea. Could someone please post a sample iptables rate-limit for
> brute force attempts? I may get around to writing my own tonight
> unless someone has already done the homework. I guess one would need a
> rule that triggers on too many SYN per second to the SSH port? I
> wouldn't want the rule to trigger on an already established connection.
> We can't have it simply look for packets-per-second.

I use shorewall so my ssh line looks like this:

ACCEPT          net              fw             TCP     22      -       -       2/min:2

There's probably a better way to do it with a shorewall action.

unum
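
An added example, not part of the original thread: a plain-iptables take on the question above, counting only NEW connections to the SSH port per source address so that established sessions are never touched. It uses the `recent` match, a different technique from the Shorewall rate column in the message; the function name, the chain name SSH_RL and the list name sshbrute are made up for this sketch.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that rate-limits NEW
# SSH connections per source address. SSH_RL and sshbrute are made-up names.
#
# Usage (as root):  ssh_ratelimit_rules 22 2 60 | iptables-restore --noflush

# ssh_ratelimit_rules PORT MAX_NEW SECONDS
# Lets each source open MAX_NEW new connections within SECONDS; further
# NEW packets from that source inside the window are dropped.
ssh_ratelimit_rules() {
    port=$1 max=$2 secs=$3
    # Refuse anything that is not a plain non-negative integer, so no
    # stray text can end up inside the generated rules.
    for n in "$port" "$max" "$secs"; do
        case $n in
            ''|*[!0-9]*)
                echo "ssh_ratelimit_rules: not a number: '$n'" >&2
                return 1 ;;
        esac
    done
    hit=$((max + 1))   # the (max+1)th NEW packet in the window is dropped
    cat <<EOF
*filter
:SSH_RL - [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_RL
-A SSH_RL -m recent --name sshbrute --set
-A SSH_RL -m recent --name sshbrute --update --seconds $secs --hitcount $hit -j DROP
-A SSH_RL -j ACCEPT
COMMIT
EOF
}
```

The rules are appended to INPUT, so an earlier rule that already accepts port 22 would bypass them. Retransmitted SYNs also count as NEW packets, which makes the limit slightly stricter than the number of connection attempts.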


