SSH Bot attack Prevention

Dallin Jones squitoey at gmail.com
Wed Mar 14 10:51:39 MDT 2007


Here are the two SSH rules that I use. Before I started using this, I
was getting between 300-1000 ssh login attempts... It is now about 20
a day. Not perfect, but helps a lot. I have it set to allow two
connection attempts every 10 minutes; this can easily be changed,
though.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

Dallin
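
Added example (not part of the original post): a small Python model of how the two rules above decide on each new connection to port 22, including the effect of rule order, since both rules are added with -I and the DROP rule therefore ends up first. The model follows the documented behaviour of the recent match (--set always records the packet, --update refreshes the entry only when it matches); the 20-entry limit per address, the function and class names, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 600, 2   # --seconds 600 --hitcount 2, as in the post
MAX_STAMPS = 20              # assumption: 20 remembered packets per address


class RecentList:
    """Simplified model of the default `-m recent` list, keyed by source address."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def set(self, src, now):
        # --set: record the packet; always matches, and with no -j the packet moves on.
        self.stamps[src].append(now)

    def update(self, src, now):
        # --update --seconds S --hitcount N: match when at least N recorded packets
        # fall inside the last S seconds, and refresh "last seen" only on a match.
        hits = sum(1 for t in self.stamps.get(src, ()) if t >= now - SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False


def replay(events, drop_rule_first=True):
    """Return PASS/DROP for each (time, source) NEW packet to port 22.

    drop_rule_first=True is the order the two -I commands produce (the rule
    inserted last is evaluated first); False models the same rules added with -A.
    """
    recent, verdicts = RecentList(), []
    for now, src in events:
        if not drop_rule_first:
            recent.set(src, now)
        if recent.update(src, now):
            verdicts.append("DROP")
            continue
        if drop_rule_first:
            recent.set(src, now)
        verdicts.append("PASS")  # packet continues to the rest of INPUT
    return verdicts


# Constructed sample: one noisy client and one unrelated client (documentation addresses).
BOT, OTHER = "192.0.2.10", "198.51.100.7"
SAMPLE = [(0, BOT), (5, BOT), (10, BOT), (300, BOT), (400, OTHER), (620, BOT), (630, BOT)]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

In this model dropped attempts are recorded as well, so a client that keeps retrying keeps counting against its own window, and evaluating the --set rule first leaves only one allowed attempt per window instead of two.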


