n dhert wrote:
> Thanks for the hint.
>
> But now I see my machine is SSH Brute force attacked (someone is trying
> to login with all possible first names from the alphabet) but by
> continuously changing IP source address, so
> Limit:... does not help I guess, since this limits the number of SSH
> requests for a same IP address...

Yes -- and given that SSHD normally allows three attempts before breaking the connection, each connection recorded by Netfilter represents three login attempts. So with your Limit rule, the IP address gets cut off after 9 attempts in a 60 second interval.

>
> In the last 3 months some 13.000 tries ( "Invalid user" in my
> /var/mail/root) have been done coming from 1.750 different IP addresses :-((

I haven't counted them here but I suspect that your result is about average. Together with using 'Limit', I disable password authentication in all of my SSH servers and then don't worry about it. They can try until hell freezes over and they still won't get in.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
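The exchange above, as an added example that is not part of the original thread and is not Shorewall code: it replays sshd "Invalid user" log lines through a simplified model of a per-source limit of 3 connections per 60 seconds, treating each sshd PID as one connection, to compare a single noisy source with many sources that each connect once. The log layout, the host name `fw`, the documentation addresses, the assumed year and all function names are constructed for the illustration; a real limit would also keep the blocked connections out of the log entirely.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed syslog-style sshd line: "Jul  1 03:00:05 fw sshd[2101]: Invalid user x from IP"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: Invalid user \S+ from (\S+)")

def sample_log():
    """Constructed data: one noisy source plus six sources that connect once each."""
    plan = [("198.51.100.7", s) for s in (0, 10, 20, 30, 40)]   # 5 connections in 40 s
    plan += [(f"192.0.2.{n}", 5 + 7 * n) for n in range(1, 7)]  # 6 distinct addresses
    lines = []
    for pid, (ip, sec) in enumerate(plan, start=2101):
        for k, user in enumerate(("aaron", "abel", "adam")):    # 3 tries per connection
            lines.append(f"Jul  1 03:00:{sec + k:02d} fw sshd[{pid}]: Invalid user {user} from {ip}")
    return "\n".join(lines)

def parse(log, year=2000):
    """Yield (time, pid, ip) per 'Invalid user' line; syslog omits the year, so one is assumed."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def summarize(log, max_conns=3, window=60):
    """Replay the log through a simplified per-source limit (max_conns per window seconds)."""
    conns = {}                                   # (ip, sshd pid) -> [first seen, attempts]
    for ts, pid, ip in parse(log):
        conns.setdefault((ip, pid), [ts, 0])[1] += 1
    recent = defaultdict(deque)                  # ip -> times of recently accepted connections
    passed = blocked = 0
    for (ip, _pid), (ts, attempts) in sorted(conns.items(), key=lambda kv: kv[1][0]):
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() >= window:
            q.popleft()                          # forget connections older than the window
        if len(q) < max_conns:
            q.append(ts)
            passed += attempts
        else:
            blocked += attempts
    return {"attempts": passed + blocked, "sources": len(recent),
            "passed": passed, "blocked": blocked}

if __name__ == "__main__":
    print(summarize(sample_log()))
```

On the constructed data the noisy source is stopped after 9 attempts, while all 18 attempts from the six single-connection sources pass, which is the gap that disabling password authentication closes.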
