On Fri, Jun 16, 2006 at 11:30:36AM +1000, Ronny Haryanto wrote:
> - put these rules into iptables so that anyone who connects to sshd more than
> 3 times in a row within 1 minute is blocked immediately (replace 192.168.1.4
> with your IP):
>
> iptables -N SSH_CHECK
> iptables -A INPUT -d 192.168.1.4 -p tcp -m tcp --dport 22 -m state --state NEW -j SSH_CHECK
> iptables -A SSH_CHECK -m state --state NEW -m recent --set --name SSH --rsource
> iptables -A SSH_CHECK -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource
> iptables -A SSH_CHECK -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
Adding to what Mas Ronny said: use the tarpit module from patch-o-matic.
http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT

Specifically for the IPs or IP blocks that habitually brute force the ssh port, add this rule:

iptables -A INPUT -i $INET_IFACE -s $IPLIST -p tcp -m tcp --dport 22 -j TARPIT

where $INET_IFACE is the interface facing the internet and $IPLIST is the IP that likes to brute force. So when that rogue IP opens port 22, its connection is accepted but is then held. The full explanation at the URL above is as follows:

Adds a TARPIT target to iptables, which captures and holds incoming TCP connections using no local per-connection resources. Connections are accepted, but immediately switched to the persist state (0 byte window), in which the remote side stops sending data and asks to continue every 60-240 seconds. Attempts to close the connection are ignored, forcing the remote side to time out the connection in 12-24 minutes.

Regards,
~yudi

--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send email to [EMAIL PROTECTED]
Full archive and list info at http://linux.or.id/milis
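To see exactly when the SSH_CHECK chain quoted above starts dropping, here is a constructed model of the netfilter "recent" match (an added example, written by the editor, not code from either poster or from the kernel); it assumes the --set / --update / --rcheck semantics described in the comments and a default ring of 20 timestamps per address.

```python
"""Model of the 'recent' match as used by the SSH_CHECK chain (constructed
example, not kernel code). Per source address (--rsource) the list named SSH
keeps timestamps of NEW connections: --set appends one, --rcheck/--update match
when at least HITCOUNT stamps fall inside the last SECONDS seconds, and
--update additionally appends the current time on a match."""
from collections import defaultdict

SECONDS = 60     # --seconds 60
HITCOUNT = 4     # --hitcount 4: the 4th NEW connection inside the window matches
MAX_STAMPS = 20  # assumed default ip_pkt_list_tot: stamps kept per address


class RecentList:
    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        """--set: create the entry or append the current timestamp."""
        self.stamps[src].append(now)
        del self.stamps[src][:-MAX_STAMPS]   # forget the oldest stamps

    def rcheck(self, src, now, seconds=SECONDS, hitcount=HITCOUNT):
        """--rcheck: true if >= hitcount stamps lie within the last seconds."""
        hits = [t for t in self.stamps.get(src, []) if now - t <= seconds]
        return len(hits) >= hitcount

    def update(self, src, now, seconds=SECONDS, hitcount=HITCOUNT):
        """--update: like --rcheck, but a match also refreshes the entry."""
        matched = self.rcheck(src, now, seconds, hitcount)
        if matched:
            self.set(src, now)
        return matched


def ssh_check(table, src, now):
    """Walk the three SSH_CHECK rules for one NEW connection, return verdict."""
    table.set(src, now)         # rule 1: --set (no target, fall through)
    table.update(src, now)      # rule 2: --update (no target, fall through)
    if table.rcheck(src, now):  # rule 3: --rcheck ... -j DROP
        return "DROP"
    return "ACCEPT"             # end of chain: back to INPUT


def run_scenario(events):
    """events: constructed (seconds, source) pairs in time order -> verdicts."""
    table = RecentList()
    return [ssh_check(table, src, t) for t, src in events]


if __name__ == "__main__":
    # Constructed traffic: 'A' hammers port 22, 'B' connects twice normally.
    demo = [(0, "A"), (5, "A"), (10, "A"), (12, "B"), (15, "A"),
            (70, "A"), (100, "B"), (131, "A")]
    for (t, src), verdict in zip(demo, run_scenario(demo)):
        print(f"t={t:4d}s  {src}: {verdict}")
```

Note that because --set and --update keep appending stamps, a source that keeps retrying stays blocked (the window slides), and is only released once it has been quiet for a full 60 seconds.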
