[BlueOnyx:11950] Re: Blocking brute force SSH login attempts
Gerald Waugh
gwaugh at frontstreetnetworks.com
Wed Jan 9 12:23:41 -05 2013
On 01/09/2013 08:07 AM, James wrote:
>
> Is there a simple way in BlueOnyx to auto-block hosts that fail to
> login via SSH too many times? Something similar to the Failed Logins
> settings for the BlueOnyx login page but for SSH?
>
I use catches attacks in real times, below uses 8 attempts in 60
seconds, of course you can change those parameters
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW
-m recent --set --name SSH
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW
-m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
--
Gerald
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20130109/fe22dab0/attachment.html>
More information about the Blueonyx
mailing list