[ILUG] SSH dictionary attacks.
Niall O Broin
niall.obroin at gmail.com
Wed Aug 23 17:05:34 IST 2006
On 8/23/06, Colm Buckley <colm at tuatha.org> wrote:
> On 23 Aug 2006, at 11:54, Aine Douglas wrote:
> > I'm getting sick of seeing log entries for SSH dictionary attacks, the
> > latest coming in the middle of me watching a live log while trying to
> > solve a problem.
> One thing I've found extremely useful is the implementation of port
> knocking; whereby the SSH port doesn't open up to a given client
> until a connection attempt has been made to some other port. This is
> easily-implementable using iptables (and is pretty well supported by
> most iptables-generator systems such as Shorewall).
> See http://www.shorewall.net/PortKnocking.html for more.
> This doesn't answer your question, but might provide a different way
> of solving your problem.
Something I like the idea of is using iptables to rate limit. Shorewall
supports this, and I have it implemented on one shorewall box like this
DNAT net loc:192.168.1.69 TCP 22 -
but it doesn't work - iptables -L output doesn't show this limit at all. Any
shorewall aces got any ideas?
More information about the ILUG