your favourite method of dealing with ssh brute force attacks
Eric Sandeen
sandeen at redhat.com
Wed Mar 17 22:11:14 UTC 2010
Michał Piotrowski wrote:
> Hi,
>
> I recetly had 30 hours of ssh brute force attack on my system. I'm
> using strong passwords, but still can be geneated from /dev/random, so
> I switched to rsa authentication. What's your favourite way to deal
> with such attacks? Please describe pros and cons.
>
> Regards,
> Michal
Aside from not allowing password logins, I throttle them, they usually
get tired and go away to an easier target.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m limit --limit 1/minute --limit-burst 2 -j ACCEPT
-Eric
More information about the devel
mailing list