
Temporarily Disable IP [ANOTHER SOLUTION]




Another solution besides using DenyHosts is to use the following set of
iptables commands. (Courtesy: A friend who constantly monitors this list
but wants to remain anonymous)

## create denylog chain: log the packet, then drop it
iptables -N denylog
iptables -A denylog -j LOG
iptables -A denylog -j DROP

## SSH Bruteforce
## whitelisted sources are taken out of the "SSH" recent list and accepted
iptables -N SSH_WHITELIST
iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH -j ACCEPT
## every new SSH connection is recorded (with a timestamp) in the "SSH" recent list
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
## --hitcount 4: the 4th new connection from one source within 60 seconds goes to denylog
## --rttl: only count hits whose TTL matches the TTL of the first packet (spoofing guard)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog



Creates a whitelist of one or more networks. All others are subject to 
inspection. More than 4 hits within 60 seconds are denied. In case of 60 
seconds without a hit, this rule is automatically cleared again. That's 
the magic of the "recent" module of iptables. It works for me - and it's 
very useful!

Thanks,

rrs
-- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."
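As an added illustration (not part of the post, and not iptables code), the following Python model reproduces the recent-module behaviour the rules above depend on: --set records a timestamped hit, --remove drops the whitelisted entry, and --update matches once at least 4 hits fall inside the last 60 seconds and refreshes the entry on every match. The timeline and the source addresses in it are constructed, and --rttl (the TTL comparison) is left out of the model.

```python
import ipaddress
from collections import deque

WINDOW = 60          # --seconds 60
HITCOUNT = 4         # --hitcount 4
STAMP_CAP = 20       # xt_recent keeps at most ip_pkt_list_tot (default 20) stamps per address
WHITELIST = ipaddress.ip_network("10.0.1.0/24")   # -s 10.0.1.0/24 from the post

class RecentTable:
    """Model of one xt_recent list (the post's 'SSH' list); --rttl is not modelled."""
    def __init__(self):
        self.entries = {}    # source address -> deque of hit timestamps (seconds)

    def set(self, src, now):       # -m recent --set --name SSH (no target: always continues)
        self.entries.setdefault(src, deque(maxlen=STAMP_CAP)).append(now)

    def remove(self, src):         # -m recent --remove: matches only if the address was listed
        return self.entries.pop(src, None) is not None

    def update(self, src, now):    # -m recent --update --seconds WINDOW --hitcount HITCOUNT
        stamps = self.entries.get(src)
        if stamps is None:
            return False           # --update never matches an address that is not listed
        hits = sum(1 for t in stamps if t >= now - WINDOW)
        if hits >= HITCOUNT:
            stamps.append(now)     # a match refreshes the entry, so the window keeps sliding
            return True
        return False

def ssh_new_connection(table, src, now):
    """Walk the post's three INPUT rules for one NEW connection to tcp/22."""
    table.set(src, now)                                      # rule 1: record the hit
    if ipaddress.ip_address(src) in WHITELIST and table.remove(src):
        return "ACCEPT"                                      # rule 2: SSH_WHITELIST chain
    if table.update(src, now):
        return "DROP"                                        # rule 3: -j denylog (LOG, then DROP)
    return "CONTINUE"                                        # later INPUT rules or the policy decide

def simulate(attempts):
    """attempts: (seconds, source) pairs in time order; returns one verdict per attempt."""
    table = RecentTable()
    return [ssh_new_connection(table, src, t) for t, src in attempts]

# Constructed timeline: one noisy source (198.51.100.7) and one whitelisted host (10.0.1.5).
SAMPLE = [(0, "198.51.100.7"), (10, "198.51.100.7"), (20, "198.51.100.7"),
          (30, "198.51.100.7"),   # 4th new connection inside 60 s -> denylog
          (45, "10.0.1.5"),       # whitelisted network: removed from the list and accepted
          (50, "198.51.100.7"),   # still hammering: the refreshed entry keeps it blocked
          (115, "198.51.100.7")]  # more than 60 s quiet: fewer than 4 stamps left in the window
```

Running `simulate(SAMPLE)` yields CONTINUE for the first three attempts, DROP for the fourth and for the attempt at 50 s, ACCEPT for the whitelisted host, and CONTINUE again once the noisy source has been quiet for more than a minute.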