|
Full Disclosure
mailing list archives
Re: SSH Bruteforce blocking script
From: miah <miah () chia-pet org>
Date: Fri, 2 Sep 2005 11:55:35 -0400
If you're running iptables why not make use of hashlimit? Once
a limit is reached all connection attempts from that IP would be blocked
until the hash entry expires.
An example pulled from the web:
iptables -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit \
1/min --hashlimit-mode srcip --hashlimit-name ssh -m state \
--state NEW -j ACCEPT
https://www.redhat.com/archives/fedora-test-list/2005-August/msg00061.html
http://tinyurl.com/94fak
Also, don't forget to man iptables or iptables -m hashlimit -h
-miah
On Fri, Sep 02, 2005 at 07:33:02PM +0800, Michael L Benjamin wrote:
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Pedro
Hugo
Sent: Friday, 2 September 2005 05:53 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] SSH Bruteforce blocking script
Hi,
I don't want to debate the goodness or badness of the strategy of
blocking hosts like this in /etc/hosts.deny. It works perfectly for me,
and most
likely would for you, so no religious debates thanks. It's effective at
blocking bruteforce attacks. If a host EXCEEDS a specified number of
guesses
during the (configurable) 30 seconds it takes the script to cycle, the
host is blacklisted.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- RE: SSH Bruteforce blocking script, (continued)
|
Intro
