SCIENTIFIC-LINUX-USERS Archives

October 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Brett Viren <[log in to unmask]>
Reply To: Brett Viren <[log in to unmask]>
Date: Wed, 1 Oct 2008 12:59:57 -0400
Content-Type: multipart/mixed
Parts/Attachments: TEXT/PLAIN (625 bytes), iptables.sh.gz (469 bytes)

Christopher Hunter <[log in to unmask]> writes:

> A few months ago someone posted iptables rules using the "hitcount"
> module to limit the rate of new ssh connections (from an IP address).
> Does anyone use this? Does it work?
>
> Can someone repost the rules?

Attached is the script I started using after the brute force attempts
started.  Using it drastically reduced the number of bogus password
attempts.  Typically, any particular attempt would give up and
not restart after the block expired.  Now we disallow passwords
entirely on any publicly visible SSH server (and so should you) so
it's less useful.

Regards,
-Brett.
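
The attachment is not reproduced in this archive. As an added example (not the attached iptables.sh and not the poster's rules), this is one common way to rate-limit new SSH connections per source address with the iptables `recent` match and its `--hitcount` option; the port, window, threshold and list name are assumptions.

```shell
#!/bin/sh
# Added example, not the attached iptables.sh. All values are assumptions.
SSH_PORT="${SSH_PORT:-22}"   # port sshd listens on
WINDOW="${WINDOW:-60}"       # look-back window, seconds
HITCOUNT="${HITCOUNT:-4}"    # Nth new connection inside WINDOW is dropped
LIST="${LIST:-SSH_RATE}"     # name of the per-source "recent" list (hypothetical)

# Print the rules, one iptables command per line, so they can be reviewed
# before anything touches the running firewall.
ssh_ratelimit_rules() {
    # With --set ahead of --update, HITCOUNT=1 would drop every connection;
    # values above the module's ip_pkt_list_tot (default 20) are refused.
    if [ "$HITCOUNT" -lt 2 ] || [ "$HITCOUNT" -gt 20 ]; then
        echo "HITCOUNT must be between 2 and 20" >&2
        return 1
    fi
    new="-p tcp --dport $SSH_PORT -m state --state NEW"
    # 1. Traffic of already-accepted sessions is never counted.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. Record the source address of every new SSH connection.
    echo "iptables -A INPUT $new -m recent --name $LIST --set --rsource"
    # 3. Drop once the source has HITCOUNT entries inside WINDOW; --update
    #    refreshes the timestamp, so a client that keeps trying stays blocked.
    echo "iptables -A INPUT $new -m recent --name $LIST --update --seconds $WINDOW --hitcount $HITCOUNT --rsource -j DROP"
    # 4. Everything that passed the check is accepted.
    echo "iptables -A INPUT $new -j ACCEPT"
}

# "apply" loads the rules (root required); anything else is a dry run.
if [ "${1:-}" = "apply" ]; then
    ssh_ratelimit_rules | sh -e
else
    ssh_ratelimit_rules
fi
```

Rules appended with `-A` only take effect if no earlier rule in INPUT already accepts or rejects traffic to the SSH port, so check the existing chain order before applying.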


