Saturday, May 4, 2013

SSH Brute Force Attacks

Years ago, some vagrant made an SSH password brute forcer and my servers got around 10,000 SSH login attempts per hour. I fixed it with an iptables rate limit rule:
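# Keep already-established SSH sessions working
iptables -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept new SSH connections at up to 3 per minute (burst of 3), counted across all sources
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
# Drop every other packet to port 22
iptables -A INPUT -p tcp --dport 22 -j DROP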
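
An added example, not part of the original post: a Python model of the token bucket behind the limit rule above. The limit match keeps a single bucket for all sources, so the model compares it with one bucket per source address, which is what the iptables hashlimit match with --hashlimit-mode srcip provides; the scanner and admin traffic are constructed.

```python
# Added example: token-bucket model of iptables "-m limit" (one shared bucket)
# versus a per-source bucket such as "-m hashlimit --hashlimit-mode srcip".
from collections import defaultdict

RATE = 3 / 60.0  # --limit 3/min, expressed in tokens per second
BURST = 3        # --limit-burst 3


class TokenBucket:
    """Starts full; every NEW connection that matches spends one token."""

    def __init__(self):
        self.tokens, self.last = float(BURST), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(BURST, self.tokens + (now - self.last) * RATE)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # limit rule matches: ACCEPT
        return False      # falls through to the final DROP rule


def simulate(per_source):
    """Count accepted NEW connections per source over one constructed hour."""
    # Constructed traffic: 10,000 attempts/hour from one scanner, plus an
    # admin who tries to log in every 10 minutes (hypothetical schedule).
    events = [(i * 0.36, "scanner") for i in range(10_000)]
    events += [(float(t), "admin") for t in range(307, 3600, 600)]
    events.sort()

    shared = TokenBucket()
    by_source = defaultdict(TokenBucket)
    accepted = {"scanner": 0, "admin": 0}
    for now, src in events:
        bucket = by_source[src] if per_source else shared
        if bucket.allow(now):
            accepted[src] += 1
    return accepted


if __name__ == "__main__":
    print("shared bucket    :", simulate(per_source=False))
    print("per-source bucket:", simulate(per_source=True))
```

With the shared bucket the scanner is cut from 10,000 attempts to roughly 180 accepted connections per hour, but it also spends every token before the admin's attempts arrive; with per-source buckets the admin's logins are all accepted.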
