On Thu, Sep 04, 2008 at 01:29:47PM +0200, Pieter Donche wrote:
> I want to counter SSH brute force attacks on the various servers with
>
This is a good thing to want to do.

> Limit:info:SSHA,3,60 net serv tcp 22
>
There are multiple ways to do this. Here is how I prefer to set it up on my servers:

    SSH/ACCEPT loc $FW
    SSH/ACCEPT net $FW - - - - 1/min:2

That lets machines on the local side (which often access things like svn+ssh that make lots of new connection requests) have unrestricted access.

> - In the log I hope there will be only entries when there occur more
> than 3 SSH connections from a same IP in a 60 seconds timeframe,
> and not for every SSH connection, is that right?
>
It is actually a global limit. So, if I trigger the rate limit on your server trying to attack it, then you also will be prevented from accessing it until the rate limit allows another connection. Though, in practice I have not found this to be too great of a problem, since scripts often get stuck or bored on rate-limited connections and time out. Though, in your case, port knocking might be a better solution.

> - In case the seeker of access is a normal person, just not very well
> remembering his password, will he get some warning that he will have
> to wait for about a minute after 3 tries?
>
There will be no warning. The connection will simply appear to hang.

Incidentally, if you allow password-based logins, then there is no way to guarantee protection from brute force attacks. The only way to guarantee that a brute force attack will never succeed is to allow only key-based logins. Also, if you go the route of having key-based logins, make certain to educate your users on the importance of choosing strong passphrases for their keys and otherwise properly securing them.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
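To make the "global limit" point concrete, here is an added simulation (not from this thread or from Shorewall itself) that models the `1/min:2` RATE column as a single token bucket shared by every source, the way iptables `-m limit` behaves, and compares it with a per-source bucket, which goes a step beyond the thread. The connection timeline and addresses are constructed.

```python
"""Shared token bucket (iptables '-m limit', what '1/min:2' compiles to)
versus one bucket per source address. Constructed timeline, not real logs."""
from collections import defaultdict

RATE_PER_SEC = 1 / 60.0   # 1/min
BURST = 2                 # :2

class TokenBucket:
    """Starts full, refills at RATE_PER_SEC, never exceeds BURST tokens."""
    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, t):
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def run(events, per_source):
    """events: list of (seconds, src_ip). Returns [(t, ip, verdict), ...]."""
    buckets = defaultdict(TokenBucket)   # used only in per-source mode
    shared = TokenBucket()               # the single '-m limit' bucket
    out = []
    for t, ip in events:
        b = buckets[ip] if per_source else shared
        out.append((t, ip, "ACCEPT" if b.allow(t) else "DROP"))
    return out

# Constructed timeline: one remote host opens 3 connections within 5 s
# (enough to drain a 2-token bucket), then the admin tries once at t=10.
EVENTS = [(0, "203.0.113.5"), (2, "203.0.113.5"), (5, "203.0.113.5"),
          (10, "192.0.2.10")]

def admin_verdict(per_source):
    """Verdict for the admin's connection (the last event)."""
    return run(EVENTS, per_source)[-1][2]

if __name__ == "__main__":
    for mode in (False, True):
        print("per-source" if mode else "global (shared)")
        for t, ip, v in run(EVENTS, mode):
            print(f"  t={t:>3}s {ip:<14} {v}")
```

With the shared bucket the admin's connection at t=10 is dropped even though that address never connected before; with a per-source bucket it is accepted.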
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
