|Home About Us Services Clients Resources Blog Careers Orderbox™||contact us Site map links|
Block pesky SSH brute force attacks via 2 simple iptables rules
VPS and dedicated
users who look at their
As is the tradition with Linux, everyone and his uncle have their own solutions for this issue. In fact, lots of people have created entire packages for dealing with this, often requiring you to install this or that dependency. Lockout scripts such as this or this are a dime a dozen and they are generally a pain and a mess to install and maintain, often draining precious minutes, if not hours, from your day trying to track down the dependencies, installing them and getting them to work correctly.
However, as is usually the case for those who truly understand the Zen of Linux (those who use Slackware), there is a working solution that is far far simpler. This involves just 2 iptables rules:
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 8 --rttl --name SSH -j DROP
What these rules do is limit the number of connections from a particular
IP address to a maximum of 8 every 10 minutes.
In Slackware, the correct place to add this to is
Problem solved. Unless, that is, you are one of those impractical fellows who want to think up of a solution that is "even more secure" (e.g. one that will cause you far more trouble than it saves you from). In those cases, you may wish to try the solutions that involve installing packages rather than just running some commands.
OpenVZ users: If you do a
iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 8 --rttl --name SSH -j DROP
UPDATE: In Linux 220.127.116.11 (e.g. Slackware 13.37), for
"recent" match support under Networking options -> Network packet filtering framework (Netfilter) -> Core Netfilter Configuration.
In order to make the option above appear, I had to check
Networking options -> Network packet filtering framework (Netfilter) -> Advanced netfilter configuration.
This is if you have a custom kernel configuration and
Want to tip via bitcoin?
(address string below for double checking)
© 2012 by Andy Sy
Web Development / Rich Internet Applications (RIA) Development
|© 2003-2015 Neotitans Technologies Inc.||contact/hire us|