[plug] ssh scans
Nikhil Jogia
plug at nikhiljogia.com
Wed Sep 20 13:26:49 WST 2006
Stuart Midgley wrote:
> rules like these can also assist
>>
>> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW
>> -m recent --set --name SSH --rsource
>> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW
>> -j SSH_WHITELIST
>> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW
>> -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH
>> --rsource -j LOG --log-prefix "SSH_brute_force"
>> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW
>> -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH
>> --rsource -j DROP
>>
>> which only accept 5 connections in 60s to port 22... if it gets more
>> than that, it drops the packets. Doesn't work with old versions of
>> iptables.
>>
>> Stu.
Would these rules be appropriate on other ports such as HTTP and SMTP in
order to prevent denial of service attacks?
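The rule set quoted above is easiest to understand by tracing it packet by packet, so here is a small Python model of the `recent` module's `--set` and `--update --seconds --hitcount` behaviour, added as an example; it is not code from the list thread or from the iptables project. It assumes the kernel's default of 20 remembered timestamps per address, leaves `--rttl` (TTL matching) out, and treats the `SSH_WHITELIST` chain as one that accepts whatever reaches it; the addresses and timings in the two scenarios are constructed.

```python
from collections import deque

PKT_LIST_TOT = 20   # kernel default ip_pkt_list_tot: timestamps kept per address


class RecentList:
    """Model of one `-m recent --name X` list keyed on source address
    (--rsource). Only --set and --update/--seconds/--hitcount are modelled;
    --rttl (TTL matching) and the list size limit are left out."""

    def __init__(self):
        self.stamps = {}   # src -> deque of packet times (seconds)

    def set(self, src, now):
        """--set: add the address if missing and record this packet's time."""
        self.stamps.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)
        return True        # --set always matches

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match when the address is listed
        and at least N of its recorded packets fall inside the last S seconds.
        On a match the module records this packet's time again, so a blocked
        host keeps its own block alive for as long as it keeps connecting."""
        stamps = self.stamps.get(src)
        if stamps is None:
            return False
        hits = sum(1 for s in stamps if s >= now - seconds)
        if hits < hitcount:
            return False
        stamps.append(now)
        return True


def run_rules(attempts, whitelist=frozenset(), seconds=60, hitcount=5):
    """Trace the four quoted rules for each NEW connection in `attempts`
    (a list of (src, time) pairs in time order). Returns the list of
    (time, src, verdict) and the LOG lines the third rule would emit.
    Verdicts: PASS = none of the four rules ended processing, so later rules
    in the chain decide; WHITELIST = handed to SSH_WHITELIST, assumed here to
    accept; DROP = the fourth rule matched."""
    recent = RecentList()
    verdicts, log = [], []
    for src, now in attempts:
        recent.set(src, now)                                    # rule 1
        if src in whitelist:                                    # rule 2
            verdicts.append((now, src, "WHITELIST"))
            continue
        if recent.update(src, now, seconds, hitcount):          # rule 3: LOG
            log.append(f"SSH_brute_force SRC={src} t={now}")   # constructed log line
        if recent.update(src, now, seconds, hitcount):          # rule 4: DROP
            verdicts.append((now, src, "DROP"))
        else:
            verdicts.append((now, src, "PASS"))
    return verdicts, log


def ssh_scan_trace():
    """Constructed scenario: one address opens a new SSH connection every 5 s
    for 35 s, then tries once more 65 s after its last attempt."""
    src = "198.51.100.7"   # documentation address, constructed
    attempts = [(src, t) for t in range(0, 35, 5)] + [(src, 95)]
    return run_rules(attempts)


def browser_burst_trace():
    """Constructed scenario: a web browser opening eight parallel connections
    within 1.4 s, evaluated with the same 5-in-60-s thresholds."""
    src = "203.0.113.9"    # documentation address, constructed
    attempts = [(src, round(0.2 * i, 1)) for i in range(8)]
    return run_rules(attempts)


if __name__ == "__main__":
    for name, trace in (("ssh scan", ssh_scan_trace),
                        ("browser burst", browser_burst_trace)):
        verdicts, log = trace()
        print(name, [v for _, _, v in verdicts])
        for line in log:
            print("  LOG:", line)
```

Running it shows the fifth new connection inside 60 s being logged and dropped, the block lasting only while the host keeps connecting, and the same thresholds dropping the tail of a browser's parallel connections. Whether the pattern fits another port therefore depends on the legitimate new-connection rate per source on that port, which is what `--seconds` and `--hitcount` have to be tuned against; the module counts new connections only, not traffic volume.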