Successful SSH Attack - Need help cleaning up
unum at unum5.org
Sat Oct 28 14:19:55 MDT 2006
Chris Carey wrote:
> Good idea. Could someone please post a sample iptables rate-limit for
> brute force attempts? I may get around to writing my own tonight
> unless someone has already done the homework. I guess one would need a
> rule that triggers on too many SYN per second to the SSH port? I
> wouldn't want the rule to trigger on an already established connection.
> We can't have it simply look for packets-per-second.
I use shorewall so my ssh line looks like this:
ACCEPT net fw TCP 22 - - 2/min:2
There's probably a better way to do it with a shorewall action.
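
For the plain iptables rules asked about in the quoted message, here is an added example (not part of the original post and not Shorewall's generated output). It counts only state NEW packets to the SSH port, so established sessions are never limited, and it goes beyond the single shared 2/min limit above by also showing a per-source variant. The chain name SSH_LIMIT, the list name "ssh" and the 60-second window are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands so they
# can be reviewed first; run with "apply" as root to load them.
# Assumed values: chain SSH_LIMIT, list name "ssh", SSH on port 22.
PORT=22

ssh_limit_rules() {
    mode=${1:-per-source}
    # Packets of connections already established skip the limiter entirely.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -N SSH_LIMIT"
    # Only the first packet of a new connection (state NEW) is counted.
    echo "iptables -A INPUT -p tcp --dport $PORT -m state --state NEW -j SSH_LIMIT"
    case $mode in
    global)
        # One shared bucket for all sources: 2 per minute, burst of 2.
        # A busy attacker can use up the bucket and delay legitimate logins.
        echo "iptables -A SSH_LIMIT -m limit --limit 2/min --limit-burst 2 -j ACCEPT"
        echo "iptables -A SSH_LIMIT -j DROP"
        ;;
    per-source)
        # Record each source address, then drop a source on its 3rd new
        # connection within 60 seconds; other sources are unaffected.
        echo "iptables -A SSH_LIMIT -m recent --name ssh --set"
        echo "iptables -A SSH_LIMIT -m recent --name ssh --update --seconds 60 --hitcount 3 -j DROP"
        echo "iptables -A SSH_LIMIT -j ACCEPT"
        ;;
    *)
        echo "unknown mode: $mode" >&2
        return 1
        ;;
    esac
}

# Load the rules only when explicitly asked to: ./script apply [global|per-source]
if [ "${1:-}" = apply ]; then
    rules=$(ssh_limit_rules "${2:-per-source}") && printf '%s\n' "$rules" | sh -e
fi
```

Run without arguments, the script changes nothing; call ssh_limit_rules to print a rule set for review before applying it.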