Hi All,
Since past 2 days I am getting SSH login attempts at a rate of 1 attempt per second from different IPs. I believe its a script based attack to beark-in.
How can I setup a security where-in I restrict max SSH login attempts from any IP to just 2 per minute. If this limit is breached, start to drop packets from the source_ip for 10 minutes...
Request for pointers to learn this protection.
Thank you in advance.
regards, Vai
Yup SSH login attempts are quite common these days. Put SSH on some other port probably it will block brute force attacks. Also use portsentry which will lock out port scanners. regards - asit. On 6 May 2005 08:10:42 -0000, vaibhav samant vaibhav_samant@rediffmail.com wrote:
Hi All,
Since past 2 days I am getting SSH login attempts at a rate of 1 attempt per second from different IPs. I believe its a script based attack to beark-in.
How can I setup a security where-in I restrict max SSH login attempts from any IP to just 2 per minute. If this limit is breached, start to drop packets from the source_ip for 10 minutes...
Request for pointers to learn this protection.
Thank you in advance.
regards, Vai -- http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
Asit Vadhavkar wrote:
Put SSH on some other port probably it will block brute force attacks. Also use portsentry which will lock out port scanners.
vaibhav samant wrote:
Hi All,
Since past 2 days I am getting SSH login attempts at a rate of 1 attempt per second from different IPs. I believe its a script based attack to beark-in.
For those new to firewalls in linux, 'firestarter' is a good gui based firewall. http://www.fs-security.com/
Its latest version has the 'lookup hostname' function working but in the older version it does not work even though it is present. It can be set to block all external connection attempts. I tried both versions for different distros and they block properly. Debian Sarge comes with the older version in the 'packages' list.
Please configure the firewall before full online usage. If you use dialup, it will not display the ppp0 option till you have actually established a connection so first quickly go to the 'External Device' and select ppp0 as your device. Go through all the options before going online.
Regards,
Rony.
-
Asit Vadhavkar -
Rony Bill -
vaibhav samant