Setting up Rate Limiting to Prevent SSH Brute Force Attacks

Medical Technology, Healthcare & Government IT

.
Categories
Category Groups

Setting up Rate Limiting to Prevent SSH Brute Force Attacks

See these instructions: http://www.rackaid.com/resources/how-to-block-ssh-brute-force-attacks.

The following rules will block an IP if it attempts more than 3 connections per minute.
Notice that the state is set to NEW. This means only new connections not established ones are impacted.
Established connections are the result of a successful SSH authentication, so users who authenticate
properly will not be blocked.

/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP
/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent  --update --seconds 60 --hitcount 4 -j DROP
Original Link

Leave a Reply