On Tue, Dec 21, 2010 at 2:53 AM, Christopher Howard
<cmhoward@frigidcode.com> wrote:
> As a naive iptables user, I was wondering what you guys thought of this:
>
> http://thiemonagel.de/2006/02/preventing-brute-force-attacks-using-iptables-recent-matching/
>
> I've been getting a lot of attacks lately of the kind described in the article: the attacker will try SSH'ing into 40 or 50 different common user names, and then a few seconds later he will try again from another host.
I've been doing a number of limits on common ports for years now.
The most commonly abused is ssh.
So I have set up limits of:
ssh 1 per minute with an initial burst of 5.
I can see in my logs that before I turned this on I'd get hundreds from a
single IP, and there would be lots of hosts trying.
Now that I've got it set to the above, I see 1-3 hosts a day try, and
usually hours apart.
I've had zero complaints from legitimate users.
-J
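The limit the reply describes (new SSH connections at 1 per minute with an initial burst of 5), as an added example and not the poster's own rules. It assumes iptables with the conntrack and limit match modules and SSH on TCP port 22; the rules are printed for review and only applied with `--apply`.

```shell
#!/bin/sh
# Added example: rate-limit new inbound SSH connections with iptables.
# Assumptions: iptables with conntrack and limit matches (older kernels use
# "-m state --state NEW" instead), SSH listening on TCP/22.

SSH_PORT="${SSH_PORT:-22}"
RATE="${RATE:-1/minute}"   # the reply's "1 per minute"
BURST="${BURST:-5}"         # the reply's "initial burst of 5"

# Print the rules rather than running them, so they can be reviewed first.
ssh_limit_rules() {
    cat <<EOF
iptables -N SSH_LIMIT
iptables -A SSH_LIMIT -m limit --limit $RATE --limit-burst $BURST -j ACCEPT
iptables -A SSH_LIMIT -m limit --limit 6/minute -j LOG --log-prefix "ssh-ratelimit: " --log-level 4
iptables -A SSH_LIMIT -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_LIMIT
EOF
}

# Number of rules that would be installed (a sanity check before applying).
ssh_limit_rule_count() {
    ssh_limit_rules | wc -l | tr -d ' '
}

# Apply for real (requires root): sh this_script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ssh_limit_rules | sh -e
fi
```

Note that `-m limit` keeps one global counter, so a burst from one attacker also holds back legitimate logins until the bucket refills; if that matters, `-m hashlimit --hashlimit-mode srcip` applies the same rate per source address instead.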
---------
Received on Thu Dec 23 10:29:29 2010
This archive was generated by hypermail 2.1.8 : Thu Dec 23 2010 - 10:29:29 AKST