comp.security.firewalls archive
Re: stopping brute for ssh attack
From: Pawel Marciniak <mail@www.site>
Date: Mon Jan 30 2006 - 20:57:23 CET
Date: Mon Jan 30 2006 - 20:57:23 CET
Użytkownik Brenda napisał:
> Is there a way to do the following?
> I keep getting brute force attacked on my ssh every night by one or two IP
> addresses,
> I think I have my sshd_config locked down.
> What I would like is if an ip address tries to do 3 or N unsuccessful
> attempts to log in that ip address is cut off and ignored, from then on.
> This would stop most brute force scans
>
> Is there a way to do this?
>
>
Not exactly what you want, but maybe help you.
iptables -I INPUT -p tcp --dport 22 -i ppp0 -m state --state NEW -m
recent --set
iptables -I INPUT -p tcp --dport 22 -i ppp0 -m state --state NEW -m
recent --update --seconds 300 --hitcount 3 -j DROP
-- http://sunrise.homelinux.com JID:pmarciniak[at]jabber[dot]org GG:2739762Received on Tue Feb 7 20:58:26 2006