[Freedombox-discuss] Block brute force login attacks?
Den 18 mar 2014 22:18 skrev "Petter Reinholdtsen" <pere at hungry.com>:
>
> [Anders Jackson]
> > This can be done directly by iptables, (but not yet with iptables6 for
> > ip6tables ).
> >
> > So I would suggest using a firewall utility instead, like ufw or
> > shorewall.
>
> This sound interesting. How can iptables know that the login attempt
> failed? My idea is to block too many failed connections, not "too
> many" connections, as a script with ssh-agent backing might well
> connect many times in a short while if the task is right.
Ok, I didn't thought about that use case.
I never used that other than over LAN, not over internet connections. I
just thought about sftp and ssh terminal connection, which usually is
longer.
To know the difference between missed logins and short valid ssh
connections you'll need something else than iptables. Something that
analyse log files or actually knows when login fails.
> > Yes, I think that is a bit too aggressive to block for more than a
> > couple of hours. Half an hour to couple of hours after three failed
> > access would be better, as you suggests. This can be set up in
> > iptables. See ufw directive "limit".
>
> Did not seem to care if the login failed or not, but I might have been
> reading the wrong pages.
My bad, sorry.
Iptables doesn't care about failed or successful logins, just assumes that
many connections during a short time period is many failed login attempts.
Which is why this use case are right for me :-).
I also assumes that connections from the same LAN isn't hostile connections
trying to break passwords.
> --
> Happy hacking
> Petter Reinholdtsen
/Anders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20140318/9fca3ea4/attachment.html>
Reply to: