On Thu, Jun 17, 2010 at 5:31 PM, Sebastian Rother <[email protected]> wrote: > But OpenBSDs "PF" could limit the > attacks you descripe pretty nicely (and here I have to thanks Henning > and others for their free time imho, what you made is imho working at > least).
Here's how it is done on Linux: iptables -F iptables -t nat -F iptables -t mangle -F iptables -X # Block SSH brute force attacks but not our networks like 1.2.3.0/24 etc. iptables -N SSH_WHITELIST iptables -A SSH_WHITELIST -s 1.2.3.0/24 -m recent --remove --name SSH -j ACCEPT iptables -A SSH_WHITELIST -s 4.5.6.0/24 -m recent --remove --name SSH -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP BMF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
