Successful SSH Attack - Need help cleaning up

Chris Carey chris.carey at
Fri Oct 27 17:52:38 MDT 2006

On 10/27/06, Kyle Waters <unum at> wrote:
> Someone suggested moving the ssh port to a different port, I think this
> is an excellent suggestion.  You may also want to also consider setting
> a rate limit using iptables so that it is more difficult for someone to
> use a brute force attack.  If you do set up rate limiting your users
> will not have to make any changes on their end.

Good idea. Could someone please post a sample iptables rate-limit for
brute force attempts? I may get around to writing my own tonight
unless someone has already done the homework. I guess one would need a
rule that triggers on too many SYN per second to the SSH port?. I
wouldnt want the rule to trigger on an already established connection.
We can't have it simply look for packets-per-second.

More information about the PLUG mailing list