Root account
Florin Andrei
florin at andrei.myip.org
Thu Apr 19 17:14:38 UTC 2007
Olivier Picquenot wrote:
>
> You can use iptables to ban these IP after X failed attempts.
>
> For ssh listening on port 22TCP and on iface eth0 :
>
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 300 --hitcount 10 -j DROP
>
> Will ban for 300 seconds after 10 failed login attempts.
OK, my iptables-ish skills are a bit rusty - is that a ban triggered by
new connections (you know, full-blown 3-way handshake) or just by SYN
packets?
If it's by SYN packets, there's some potential for a DoS attack.
(Well, there can be a DoS attack even if counting full-blown
connections, but only if the attacker uses the same IP as your own ssh
client, which is not such a big deal usually.)
--
Florin Andrei
http://florin.myip.org/
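To pin down what the quoted rule pair actually counts, here is an added simulation (it is not code from the thread, from Ubuntu or from netfilter) of the xt_recent --set / --update bookkeeping behind those two iptables lines, driven by constructed packet arrivals. It assumes the stock ip_pkt_list_tot default of 20 stamps per address, models conntrack's NEW state as the first packet of a TCP connection (a bare SYN, which is all the match sees before any handshake completes), and walks the INPUT chain in the order the two `-I` inserts leave it; the addresses and timings are made up.

```python
from collections import deque

# Parameters copied from the quoted rule.
SECONDS = 300       # --seconds 300
HITCOUNT = 10       # --hitcount 10
PKT_LIST_TOT = 20   # assumption: stock xt_recent ip_pkt_list_tot default (stamps kept per address)


class RecentTable:
    """Per-source timestamp ring, mimicking one xt_recent list ("DEFAULT")."""

    def __init__(self):
        self.entries = {}  # src -> deque of arrival times, oldest evicted first

    def _stamp(self, src, now):
        self.entries.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)

    def rule_update(self, src, now):
        """-m recent --update --seconds S --hitcount H: match when the source is
        listed with at least H stamps inside the last S seconds; on a match the
        entry gets a fresh stamp, which is what --update adds over --rcheck."""
        entry = self.entries.get(src)
        if entry is None:
            return False
        hits = sum(1 for t in entry if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self._stamp(src, now)
            return True
        return False

    def rule_set(self, src, now):
        """-m recent --set: add or refresh the source and always match."""
        self._stamp(src, now)
        return True


def input_chain(table, src, now, state_new=True):
    """Walk INPUT as it looks after the two `iptables -I` commands: -I inserts
    at the top, so the DROP rule (inserted second) runs first, then the --set
    rule, which has no -j and simply falls through.  Only packets conntrack
    tags NEW reach either rule, i.e. the first packet of each TCP connection;
    nothing here knows whether a login later succeeds or fails."""
    if not state_new:
        return "ACCEPT"            # ESTABLISHED traffic is never counted
    if table.rule_update(src, now):
        return "DROP"
    table.rule_set(src, now)
    return "ACCEPT"


def run(events, table=None):
    """events: (src, time, state_new) tuples in arrival order -> list of verdicts."""
    table = table if table is not None else RecentTable()
    return [input_chain(table, src, t, new) for src, t, new in events]


def admin_successful_logins(n=11):
    """n logins from one admin host in quick succession; every one is a NEW
    connection, so the rule cannot tell them from failed attempts."""
    return run([("203.0.113.10", float(i), True) for i in range(n)])


def spoofed_syn_flood():
    """Attacker forges ten bare SYNs carrying the admin's source address (the
    SYN-ACKs go to the admin, who never completes them); the table still
    counts them, and the admin's own SYN afterwards is dropped."""
    admin = "203.0.113.10"
    events = [(admin, 1000.0 + i, True) for i in range(10)]   # spoofed SYNs
    events.append((admin, 1012.0, True))                       # the real admin connecting
    return run(events)


def ban_lifetime():
    """Because --update stamps each dropped packet, a source that keeps
    knocking stays banned; one that goes quiet is unbanned once fewer than
    HITCOUNT stamps fall inside the SECONDS window.  Returns (quiet, persistent)."""
    src = "198.51.100.7"
    burst = [(src, float(i), True) for i in range(11)]            # trips the ban on the 11th
    quiet = run(burst + [(src, 10.0 + SECONDS + 1, True)])[-1]    # one SYN 301 s after the last stamp
    knocks = [(src, float(t), True) for t in range(30, 1011, 20)] # one SYN every 20 s for 1000 s
    persistent = run(burst + knocks)[-1]
    return quiet, persistent
```

Running the three scenarios shows the point at issue: ten accepted connections from one address, logins failed or not, are enough to drop the eleventh; ten forged SYNs carrying the admin's address get the admin dropped although the attacker never completes a handshake; and a source that keeps knocking faster than ten times per 300 seconds stays blocked, while one that goes quiet is let back in once the window empties. Packet counting cannot see authentication results, so an exemption rule for the admin's own source address inserted ahead of the DROP rule, or a log-driven tool that counts real sshd authentication failures, is what closes the spoofing gap.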
More information about the ubuntu-users mailing list