Re: Temporarily Disable IP [ANOTHER SOLUTION]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Phil Dyer on Monday 10 Oct 2005 06:40 wrote:

> Ritesh Raj Sarraf said:
>> What's your iptables version ?
> 
> sarge 1.2.11-10.

Then it has to work.
I'm using the same and am very happy. The attacks have dropped by 90%
because all were from automated scripts.

Please re-check the commands you're using.

## create denylog chain (log the packet, then drop it)
iptables -N denylog
iptables -A denylog -j LOG
iptables -A denylog -j DROP

## SSH Bruteforce
## whitelisted networks are taken off the SSH list and accepted
iptables -N SSH_WHITELIST
iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH \
    -j ACCEPT
## every new SSH connection is recorded in the "SSH" recent list
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set \
    --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
## 4 hits within 60 seconds from the same source (and same TTL) -> denylog
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog



Creates a whitelist of one or more networks. All others are subject to 
inspection. More than 4 hits within 60 seconds are denied. In case of 60 
seconds without a hit, this rule is automatically cleared again. That's 
the magic of the "recent"-module of iptables. It works for me - and it's 
very useful!

HTH,

rrs
-- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDSr4q4Rhi6gTxMLwRAg+cAJ0a1K+0EtXzkFmfIeJUBpAAmV2BfACgkDnA
2c94mlHWTogPT/8hpUBKsVA=
=jqvm
-----END PGP SIGNATURE-----
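To see how the three INPUT rules above interact over time, here is a small
simulation of the "recent" match; this is an added example, not part of the
post and not the iptables code itself. It is a simplified model of xt_recent
(each source keeps the timestamps of its hits plus the TTL recorded when the
entry was created, which is what --rttl compares against), and it walks
constructed connection attempts through --set, the SSH_WHITELIST chain and
--update --seconds 60 --hitcount 4. The IP addresses and timings are made up.

```python
import ipaddress
from collections import defaultdict

# Parameters taken from the posted rules.
SECONDS = 60        # --seconds 60
HITCOUNT = 4        # --hitcount 4
WHITELIST = [ipaddress.ip_network("10.0.1.0/24")]   # -s 10.0.1.0/24 in SSH_WHITELIST


class RecentList:
    """Simplified model of one xt_recent list (--name SSH).

    Each source keeps the timestamps of its hits plus the TTL seen when the
    entry was created (the value --rttl compares against).
    """

    def __init__(self):
        self.stamps = defaultdict(list)   # src -> [timestamps]
        self.ttl = {}                     # src -> TTL at entry creation

    def set(self, src, now, ttl):
        # -m recent --set: create the entry if needed and add a timestamp
        if src not in self.ttl:
            self.ttl[src] = ttl
        self.stamps[src].append(now)

    def remove(self, src):
        # -m recent --remove: forget the source entirely
        self.stamps.pop(src, None)
        self.ttl.pop(src, None)

    def update_matches(self, src, now, ttl, rttl=True):
        # -m recent --update --seconds S --hitcount N [--rttl]
        if src not in self.ttl:
            return False
        if rttl and self.ttl[src] != ttl:
            return False          # TTL differs from the recorded one: no match
        hits = [t for t in self.stamps[src] if now - t <= SECONDS]
        return len(hits) >= HITCOUNT


def ssh_verdicts(packets):
    """Run NEW SSH connection attempts through the three INPUT rules.

    packets: iterable of (time_in_seconds, source_ip, ttl), in time order.
    Returns one verdict per packet: ACCEPT (whitelist), DROP (denylog) or
    PASS (no rule matched, so the packet continues down the INPUT chain).
    """
    recent = RecentList()
    verdicts = []
    for now, src, ttl in packets:
        addr = ipaddress.ip_address(src)
        recent.set(src, now, ttl)                     # rule 1: --set --name SSH
        if any(addr in net for net in WHITELIST):     # rule 2: -j SSH_WHITELIST
            recent.remove(src)                        #   --remove, then ACCEPT
            verdicts.append("ACCEPT")
        elif recent.update_matches(src, now, ttl):    # rule 3: --update ... --rttl
            verdicts.append("DROP")                   #   -j denylog: LOG, then DROP
        else:
            verdicts.append("PASS")
    return verdicts


# Constructed sample: a scripted SSH scanner and a whitelisted admin host.
SAMPLE = [
    (0, "203.0.113.5", 64),
    (5, "10.0.1.7", 64), (6, "10.0.1.7", 64), (7, "10.0.1.7", 64),
    (8, "10.0.1.7", 64), (9, "10.0.1.7", 64),
    (10, "203.0.113.5", 64),
    (20, "203.0.113.5", 64),
    (30, "203.0.113.5", 64),    # 4th hit within 60 s -> denylog
    (40, "203.0.113.5", 64),
    (100, "203.0.113.5", 64),   # only 2 hits in the last 60 s -> allowed again
]

if __name__ == "__main__":
    for (now, src, _), verdict in zip(SAMPLE, ssh_verdicts(SAMPLE)):
        print(f"t={now:3d}s {src:<12} {verdict}")
```

Two things the walk-through makes visible: the --set rule sits before the
whitelist rule, so a whitelisted host is added to the list and immediately
removed again by the chain, and it never accumulates hits; and a packet whose
TTL differs from the one recorded for that source is not counted as a match
because of --rttl, which is what keeps someone from getting a third party's
address blocked with spoofed SYNs.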
