Stupid SSH tricks

Allen Taylor agtnews-PeCUgM4zDv73fQ9qLvQP4Q at public.gmane.org
Fri Sep 10 21:10:25 UTC 2004


On Fri, Sep 10, 2004 at 01:19:09PM -0400, Wil McGilvery wrote:
> I have these idiots who are using a brute force attack on ssh to gain
> access to the system. They try over and over again with different IP
> addresses.
>
> Is there any way to block an IP address after it has failed a certain
> number of attempts or do I have to write my own script for this?
>

I'm being hit the same way from China and Ireland, although a little
more sporadic. I've blocked port 22 inbound for now since I'm the only
one that uses it - you may not have that option. 

I was wondering if one could rate limit SSH accesses through iptables?
(i.e. after 3 new port 22 connections in a 5 minute period, limit to 1 
every two minutes for next hour - so I can still get in with a bit of 
patience but would really slow down brute force attacks.)

Just a thought - I'm still at the very basic stage with iptables.

Allen

[Apologies if this is a duplicate - I replied originally from another
email address and it (so far - 2+ hours) has not come thru. This address
is the one I'm subscribed under.]
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
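
The rate limit asked about above can be approximated with the iptables
"recent" match. This is an added example, not part of the original post;
the chain names (SSH_LIMIT, SSH_FLAG, SSH_THROTTLE) and list names are made
up here, and it assumes the recent and state match modules are available.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, runs as root) iptables rules for
# "3 new SSH connections per 5 minutes, then 1 per 2 minutes for an hour".
# Assumes no earlier INPUT rule already accepts new connections to the port.
PORT="${PORT:-22}"          # SSH port
BURST="${BURST:-3}"         # new connections allowed per WINDOW
WINDOW="${WINDOW:-300}"     # seconds (5 minutes)
PENALTY="${PENALTY:-3600}"  # seconds a flagged source stays throttled
SLOW="${SLOW:-120}"         # seconds between accepted connections when throttled

ssh_limit_rules() {
    over=$((BURST + 1))     # hitcount meaning "more than BURST in WINDOW"
    cat <<EOF
iptables -N SSH_LIMIT
iptables -N SSH_FLAG
iptables -N SSH_THROTTLE
# Only NEW connections are inspected; established sessions are untouched.
iptables -A INPUT -p tcp --dport $PORT -m state --state NEW -j SSH_LIMIT
# Source flagged within the last hour: hand it to the slow lane.
iptables -A SSH_LIMIT -m recent --name ssh_flagged --rcheck --seconds $PENALTY -j SSH_THROTTLE
# Otherwise record this attempt, and flag the source once it exceeds BURST.
iptables -A SSH_LIMIT -m recent --name ssh_new --set
iptables -A SSH_LIMIT -m recent --name ssh_new --rcheck --seconds $WINDOW --hitcount $over -j SSH_FLAG
iptables -A SSH_LIMIT -j ACCEPT
iptables -A SSH_FLAG -m recent --name ssh_flagged --set -j DROP
# Slow lane: --rcheck (not --update) so dropped attempts do not reset the
# timer, which lets a patient legitimate user back in after SLOW seconds.
iptables -A SSH_THROTTLE -m recent --name ssh_slow --rcheck --seconds $SLOW -j DROP
iptables -A SSH_THROTTLE -m recent --name ssh_slow --set -j ACCEPT
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
    ssh_limit_rules | sh -e   # needs root; stops at the first failing rule
else
    ssh_limit_rules           # dry run: review the rules before applying
fi
```

The limit is per source address, so an attacker rotating addresses gets a
fresh allowance with each one; it slows guessing rather than stopping it.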




