[Ilugc] Re: Intruders cracked my Server
- From: rajasuperman@xxxxxxxxx (Raja Subramanian)
- Date: Sat Jun 21 22:10:40 2008
On Sat, Jun 21, 2008 at 12:50 PM, sriram <sriram@xxxxxxxxxxxxx> wrote:
you may not even need sshblack to do this type of blocking. modern versions of
iptables has built in capability to do this. for example, do
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 2 -j DROP
I use a similar setup on all my servers as well. A word of caution:
it is essential to implement filtering only the external network interface or
subnets for it is easy to establish more than N connections per minute over
the LAN through regular usage through various shell scripts, maintenance
tasks, etc.
For those interested in implementing Proff Sriram's iptables rule sets on
your own machines, please see here:
http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
- Raja
Other related posts:
