Fedora Linux Support Community & Resources Center

#1
29th September 2006, 05:23 AM
sebnukem
iptable brute attack filter fixed with kernel 2.6.18

Not a question but I thought I would share this with everyone.

The iptables "recent" module has finally been completely rewritten and fixed with the kernel 2.6.18. It allows protection against brute force attacks (against SSH or FTP for example).

I get such attacks daily. Here is an example of use that works well for me, assuming that all ports are DROPped by default:
Code:
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name ssh
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 4 --rttl --name ssh -j LOG --log-prefix "[SSH BF ATTACK] "
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 4 --rttl --name ssh -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
This tells the firewall to log and reject anyone (the source IP) who tried to open an ssh connection to my server more than 3 times (--hitcount) in less than 5 minutes (--seconds). The state is stored in the /proc/net/ipt_recent/ssh file (--name). The connection is reopened when the number of tries in the last 5 minutes drops below 4.
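
Added example, not part of sebnukem's post: a small Python model of how the four rules above treat one source address over time, following the documented semantics of `--set` and `--update` (a matching `--update` also records a new timestamp). The function names and sample addresses are constructed for illustration, and `--rttl` is not modelled.

```python
# Added illustration: simplified model of the four rules in the post, not kernel code.
SECONDS, HITCOUNT = 300, 4   # --seconds 300 --hitcount 4, as in the post
PKT_LIST_TOT = 20            # timestamps kept per source (module default ip_pkt_list_tot)

def _stamp(table, src, now):
    """Record one timestamp for src in the 'ssh' list."""
    stamps = table.setdefault(src, [])
    stamps.append(now)
    del stamps[:-PKT_LIST_TOT]           # only the newest timestamps are kept

def _update_matches(table, src, now):
    """--update --seconds/--hitcount: match when enough timestamps fall inside
    the window, and record a new timestamp only when the rule matches."""
    recent = [t for t in table.get(src, []) if now - t <= SECONDS]
    if len(recent) < HITCOUNT:
        return False
    _stamp(table, src, now)
    return True

def new_ssh_connection(table, src, now):
    """Walk one NEW tcp/22 packet through the rules in order; return the verdict."""
    _stamp(table, src, now)                  # rule 1: --set, no target, falls through
    if _update_matches(table, src, now):     # rule 2: LOG is non-terminating
        _update_matches(table, src, now)     # rule 3: same match, REJECT ends traversal
        return "REJECT"
    return "ACCEPT"                          # rule 4

def simulate(events):
    """events: (source, time in seconds) pairs in time order."""
    table = {}
    return [(src, now, new_ssh_connection(table, src, now)) for src, now in events]

# Constructed sample: one noisy source and one ordinary client.
NOISY, CLIENT = "203.0.113.7", "198.51.100.9"
SAMPLE = [(NOISY, 0), (NOISY, 10), (CLIENT, 15), (NOISY, 20),
          (NOISY, 30), (NOISY, 320), (NOISY, 630)]

if __name__ == "__main__":
    for src, now, verdict in simulate(SAMPLE):
        print(f"t={now:>4}s  {src:<13} {verdict}")
```

In this model the attempt at t=320 is rejected even though only three connection attempts fall inside the previous 300 seconds, because the rejected attempt at t=30 left additional timestamps through the two `--update` rules. The source is accepted again only after it has stayed quiet for more than 300 seconds.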