| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jun 2010 21:43:25 -0700 From: BMF <badmotherfsckr@...il.com> To: Sebastian Rother <sebastian.rother@...erlin.de> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: targetted SSH bruteforce attacks On Thu, Jun 17, 2010 at 5:31 PM, Sebastian Rother <sebastian.rother@...erlin.de> wrote: > But OpenBSDs "PF" could limit the > attacks you descripe pretty nicely (and here I have to thanks Henning > and others for their free time imho, what you made is imho working at > least). Here's how it is done on Linux: iptables -F iptables -t nat -F iptables -t mangle -F iptables -X # Block SSH brute force attacks but not our networks like 1.2.3.0/24 etc. iptables -N SSH_WHITELIST iptables -A SSH_WHITELIST -s 1.2.3.0/24 -m recent --remove --name SSH -j ACCEPT iptables -A SSH_WHITELIST -s 4.5.6.0/24 -m recent --remove --name SSH -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP BMF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists