Re: SSH attack

To: Jiann-Ming Su <sujiannming@gmail.com>
Cc: debian-user@lists.debian.org
Subject: Re: SSH attack
From: Ritesh Raj Sarraf <rrs@researchut.com>
Date: Sat, 19 Nov 2005 22:50:25 +0530
Message-id: <[🔎] 200511192250.33018.rrs@researchut.com>
Reply-to: rrs@researchut.com
In-reply-to: <[🔎] 561dc3260511151104h75c74879n99d53f0e9d981f02@mail.gmail.com>
References: <Pine.LNX.3.96.1051010230303.19907A-100000@Maggie.Linux-Consulting.com> <Pine.LNX.4.64.0510151511060.24187@mail.logicalwebhost.com> <[🔎] 561dc3260511151104h75c74879n99d53f0e9d981f02@mail.gmail.com>

On Wednesday 16 Nov 2005 00:34, Jiann-Ming Su wrote:
> On 10/15/05, Ritesh Raj Sarraf <rrs@researchut.com> wrote:
> > ## SSH Bruteforce
> > iptables -N SSH_WHITELIST
> > iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH -j
> > ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> > --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW
> > -j SSH_WHITELIST iptables -A INPUT -p tcp --dport 22 -m state --state NEW
> > -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog
>
> While this is the best solution I've seen as well, there are some
> issues with the "recent" module...
>
>   http://lists.debian.org/debian-kernel/2005/10/msg00302.html
>

I haven't yet seen this behavior on my machines. It's been a month now since 
I'm using the "recent" module.

Regards,

rrs
-- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
"Stealing logic from one person is plagiarism, stealing from many is 
research."
"Necessity is the mother of invention."

Attachment: pgpGg0Qjv5M_f.pgp
Description: PGP signature

Reply to:

References:
- Re: SSH attack
  - From: Jiann-Ming Su <sujiannming@gmail.com>

Prev by Date: Re: unable to bring up eth0
Next by Date: Re: unable to bring up eth0
Previous by thread: Re: SSH attack
Next by thread: sytem running out of free disk space
Index(es):
- Date
- Thread