IPTables, block ssh brute force attacks [Archive] - HowtoForge Forums

View Full Version : IPTables, block ssh brute force attacks

redem

9th April 2008, 16:22

Hi all...

how i block the various ssh brute force attacks with iptables?

Currently i'm using these rules:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m limit --limit 1/min --limit-burst 3 -j *CORRECT* DROP

But these don't work :confused: ...

Thanks

EDIT:

I have edited a rule, waiting for response :)

chipsafts

9th April 2008, 19:56

I use the hosts.deny file to protect the ssh.

Take a look at PortSentry , http://sourceforge.net/projects/sentrytools/

falko

10th April 2008, 18:54

Take a look at fail2ban: http://www.howtoforge.com/fail2ban_debian_etch
DenyHosts: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
BlockHosts: http://www.howtoforge.com/blockhosts_debian_etch

topdog

11th April 2008, 10:02

If you want to do it via iptables you need to use netfilters ipt_recent module

http://www.snowman.net/projects/ipt_recent/

redem

11th April 2008, 16:23

Thanks guys :)