SSH attacks
2 years ago I set up a iptables rule to stop ssh attack... something like:
# Limit SSH connections
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ATTACKER_SSH --rsource --update --seconds 600 --hitcount 6 -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ATTACKER_SSH --rsource --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
but last month I read about fail2ban which is little easiear to configure and even more specific... and set it up in 5 minutes...
http://www.howtoforge.com/fail2ban_debian_etch
# Limit SSH connections
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ATTACKER_SSH --rsource --update --seconds 600 --hitcount 6 -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ATTACKER_SSH --rsource --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
but last month I read about fail2ban which is little easiear to configure and even more specific... and set it up in 5 minutes...
http://www.howtoforge.com/fail2ban_debian_etch
