Comment Re:iptables and ipchains scripts to limit SSH acce (Score 1) 754
Sorry, first post to /., HTML format is the standard here and I'm too used to BBs with auto br.
Let's try this again:
Another temporary fix with iptables could be done with the recent module [1] by doing:
# rule 1: record the source IP of every SSH SYN in the SSHCHECK list
iptables -A FORWARD -p TCP --dport 22 --syn -m recent --name SSHCHECK --set
# rule 2: drop the SYN when this IP already has 20 hits within the last 60 s (a match also refreshes its timestamp)
iptables -A FORWARD -p TCP -i eth0 --dport 22 --syn -m recent --hitcount 20 --update --name SSHCHECK --seconds 60 -j DROP
This way, more than 20 SYN connection attempts per minute per IP will lead to blacklisting for as long as the potential attacker keeps hammering with connections. After 60 seconds of inactivity the IP will be delisted from the blacklist. This could be useful, as a script kiddie exploit will probably try lots of successive connections to cause the memory corruption.
[1]: http://snowman.net/projects/ipt_recent/
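To make the set/update behaviour of the rule pair above concrete, here is a small offline model of the recent module's per-IP timestamp list, run over constructed SSH SYN traffic. This is an added example, not code from the original comment or from the ipt_recent project; it assumes the stock per-entry list size of 20 stamps (ip_pkt_list_tot) and that --set always records a stamp while --update records one only when it matches, and the traffic timings and addresses are made up.

```python
"""Offline model of the iptables 'recent' match as used by the two rules above.

Added example, not from the original post.  It keeps the same per-IP ring of
recent timestamps that the recent module keeps (assumption: stock default of
ip_pkt_list_tot=20 stamps per entry) so the --set / --update pair can be
exercised without a kernel.  All traffic below is constructed, not captured.
"""
from collections import defaultdict, deque

PKT_LIST_TOT = 20   # assumed module default: stamps kept per IP entry


class RecentTable:
    """One named list (--name SSHCHECK): ip -> ring of recent packet times."""

    def __init__(self, name, list_tot=PKT_LIST_TOT):
        self.name = name
        self.stamps = defaultdict(lambda: deque(maxlen=list_tot))

    def set(self, ip, now):
        """--set: record this packet's time for ip; the rule always matches."""
        self.stamps[ip].append(now)
        return True

    def update(self, ip, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match when ip has at least N
        stamps in the last S seconds.  A match records a fresh stamp, which is
        what keeps a hammering source blocked: every dropped SYN refreshes
        the window, and only S seconds of silence lets it fall out."""
        if ip not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[ip] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[ip].append(now)
            return True
        return False


def run_chain(table, ip, now, seconds=60, hitcount=20):
    """Apply the two posted rules, in posted order, to one SYN to port 22.
    Returns 'DROP' or 'ACCEPT' (ACCEPT standing in for the chain policy)."""
    table.set(ip, now)                               # rule 1: -m recent --set
    if table.update(ip, now, seconds, hitcount):     # rule 2: --update ... -j DROP
        return "DROP"
    return "ACCEPT"


def simulate(events, seconds=60, hitcount=20):
    """events: (t_seconds, src_ip) SYNs in time order -> [(t, ip, verdict)]."""
    table = RecentTable("SSHCHECK")
    return [(t, ip, run_chain(table, ip, t, seconds, hitcount)) for t, ip in events]


def verdicts_for(ip, results):
    """Verdicts for one source IP, in time order."""
    return [v for _, src, v in results if src == ip]


# Constructed traffic: an attacker firing 25 SYNs in 10 s, a legitimate user
# connecting twice in the same minute, then the attacker coming back after
# 61 s of silence (outside the --seconds 60 window).
ATTACKER, USER = "203.0.113.7", "198.51.100.9"
EVENTS = [(0.4 * i, ATTACKER) for i in range(25)]
EVENTS += [(3.0, USER), (50.0, USER)]
EVENTS += [(9.6 + 61.0 + i, ATTACKER) for i in range(3)]
EVENTS.sort()

if __name__ == "__main__":
    for t, ip, verdict in simulate(EVENTS):
        print(f"t={t:6.1f}s  {ip:15s}  {verdict}")
```

Running it shows the first 19 attacker SYNs passing, the 20th and every later SYN inside the window being dropped while the user's two connections are untouched, and the attacker's SYNs after a quiet minute passing again because no stamp within the last 60 seconds remains. Note that --hitcount cannot exceed the per-entry list size, so 20 is the largest value usable with the module defaults.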