your favourite method of dealing with ssh brute force attacks

Michał Piotrowski mkkp4x4 at gmail.com
Wed Mar 17 22:24:35 UTC 2010


2010/3/17 Eric Sandeen <sandeen at redhat.com>:
> Michał Piotrowski wrote:
>> Hi,
>>
>> I recently had 30 hours of ssh brute force attack on my system. I'm
>> using strong passwords, but still can be generated from /dev/random, so
>> I switched to rsa authentication. What's your favourite way to deal
>> with such attacks? Please describe pros and cons.
>>
>> Regards,
>> Michal
>
> Aside from not allowing password logins, I throttle them, they usually
> get tired and go away to an easier target.
>
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m limit --limit 1/minute --limit-burst 2 -j ACCEPT

If I understand correctly - this limits ssh connections to two
connections per minute. I tried it before on my devel server without
success. I tried it now with your configuration also without success.

I used
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m limit --limit 2/minute --limit-burst 2 -j ACCEPT
and I still can connect to ssh as many times as I want.

>
>
> -Eric

Regards,
Michal
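
Added example, not part of the original message: a `-m limit ... -j ACCEPT` rule stops matching once its token bucket is empty, and over-limit packets simply continue to the next rule, so connections are throttled only if something later drops them and nothing earlier accepts them. The rest of the poster's ruleset is not shown in the thread, so the three chains in this Python model are constructed assumptions; it counts accepted new port-22 connections for one attempt per second over a minute.

```python
# Added example: minimal model of first-match rule evaluation with a
# token-bucket "limit" match. All rulesets and traffic are constructed.

class Limit:
    """Token bucket like -m limit: `burst` tokens, refilled at `per_minute`."""
    def __init__(self, per_minute, burst):
        self.rate = per_minute / 60.0      # tokens regained per second
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False    # over the limit: rule does not match, evaluation goes on


def accepted(rules, policy, arrivals):
    """Count accepted connections. rules: list of (Limit or None, target)."""
    count = 0
    for now in arrivals:
        verdict = policy                   # used when no rule matches
        for limit, target in rules:
            if limit is None or limit.matches(now):
                verdict = target           # first matching rule decides
                break
        count += verdict == "ACCEPT"
    return count


def demo():
    arrivals = [float(s) for s in range(60)]   # one attempt per second
    # 1) limit rule alone, over-limit packets accepted by policy/later rule
    fallthrough = accepted([(Limit(2, 2), "ACCEPT")], "ACCEPT", arrivals)
    # 2) limit rule followed by an explicit DROP for the same traffic
    throttled = accepted([(Limit(2, 2), "ACCEPT"), (None, "DROP")], "ACCEPT", arrivals)
    # 3) an earlier unconditional ACCEPT for port 22 shadows both rules
    shadowed = accepted([(None, "ACCEPT"), (Limit(2, 2), "ACCEPT"), (None, "DROP")],
                        "DROP", arrivals)
    return fallthrough, throttled, shadowed


if __name__ == "__main__":
    print(demo())
```

Only the second chain throttles; note that the bucket in `-m limit` is shared by all sources, so the same limit also applies to legitimate logins while it is exhausted.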

