IPTables, block ssh brute force attacks

redem · Apr 9, 2008

Hi all...

how i block the various ssh brute force attacks with iptables?

Currently i'm using these rules:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m limit --limit 1/min --limit-burst 3 -j *CORRECT* DROP

But these don't work ...

Thanks

EDIT:

I have edited a rule, waiting for response

chipsafts · Apr 9, 2008

I use the hosts.deny file to protect the ssh.

Take a look at PortSentry , http://sourceforge.net/projects/sentrytools/

falko · Apr 10, 2008

Take a look at fail2ban: http://www.howtoforge.com/fail2ban_debian_etch
DenyHosts: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
BlockHosts: http://www.howtoforge.com/blockhosts_debian_etch

topdog · Apr 11, 2008

If you want to do it via iptables you need to use netfilters ipt_recent module

http://www.snowman.net/projects/ipt_recent/

redem · Apr 11, 2008

Thanks guys

Log in or Sign up

IPTables, block ssh brute force attacks

redem New Member

chipsafts New Member

falko Super Moderator Howtoforge Staff

topdog Active Member

redem New Member

Share This Page

Log in or Sign up

IPTables, block ssh brute force attacks

redem New Member

chipsafts New Member

falko Super Moderator Howtoforge Staff

topdog Active Member

redem New Member

Share This Page

Useful Searches