Preventing SSH dictionary attacks with iptables

2014

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2013

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

more...

2011

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2010

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2009

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2008

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2007

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2006

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2005

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2004

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

2003

Jan	Feb	Mar	Apr
May	Jun	Jul	Aug
Sep	Oct	Nov	Dec

Photolog

2010-10-12: Through the Looking-Glass

2010-10-10: My radio speaks is binary!

2010-09-16: Gigaminx: (present for my birthday)

2010-09-05: Trini on bike

2010-08-28: Valporquero

2010-08-22: My new bike!

2010-08-13: Mario and Ana's wedding

2010-08-07: Canyoning in Guara

2010-08-05: Trini and Mari in Marbella

2010-08-03: Trini and Chelo in Tabarca

Labels: internet security how-to

Since a few years ago, it is beginning to be very common to have hundreds of connection attempts to SSH port, trying common usernames and passwords.

This has several drawbacks: log files can be filled up, SSH service can be irresponsible and, what is worst, some of the attacks could be successful if one of your users has a weak password.

To prevent those attacks, you can use these simple iptables rules that forbid establishing more than 6 connections per minute from every IP:

iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 6 --name SSH -j DROP

New comment

Please, write down your name and what you want to say :-)

Juan Céspedes

Programmer, Caver, Geocacher, Hacker

Tag Cloud