On Wednesday 25 October 2006 11:08, Paulo Roberto Candido dos Santos wrote:
> Hello, I think you might find this useful:
>
> iptables -N REJECT-SSH
> iptables -A REJECT-SSH -j DROP -m recent --rcheck --name SSH --seconds 60 \
>   --hitcount 10
> iptables -A REJECT-SSH -j LOG --log-prefix SSH-Bruteforce:
> iptables -A REJECT-SSH -j REJECT -p tcp --reject-with tcp-reset
> iptables -A REJECT-SSH -j REJECT
>
> iptables -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent \
>   --update --name SSH --seconds 60 --hitcount 4 -j REJECT-SSH
> iptables -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent --set \
>   --name SSH
>

iptables -N FLOOD
iptables -I INPUT -p tcp -j FLOOD
iptables -A FLOOD -p tcp -m state --state NEW -m recent --name FLOOD --set
iptables -A FLOOD -p tcp -m state --state NEW -m recent --name FLOOD \
  --update --seconds 60 --hitcount 8 -j DROP

would apply this to all tcp services, synfloods, and syn portscans...

Cheers,
Jason

-- 
gpg public key: http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc
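To trace what the two rule sets above do per connection attempt, here is an added toy model of the `recent` match; it is not code from this thread. The match semantics it encodes are an assumption modelled on xt_recent (`--set` records a hit and always matches; `--rcheck`/`--update` match when at least `--hitcount` recorded hits fall inside the last `--seconds`, not counting the current packet, and `--update` records the packet on a match), and the source address and attempt times are constructed.

```python
"""Toy model of the iptables 'recent' match for tracing the rule sets in this
thread (added example; the match semantics are an assumption modelled on
xt_recent, and the attempt times and source address are constructed)."""
from collections import defaultdict

IP_PKT_LIST_TOT = 20  # default number of timestamps the module keeps per address


class Recent:
    """Named 'recent' lists: list name -> source address -> hit timestamps (s)."""

    def __init__(self):
        self.lists = defaultdict(lambda: defaultdict(list))

    def _record(self, stamps, now):
        stamps.append(now)
        del stamps[:-IP_PKT_LIST_TOT]  # keep only the most recent entries

    def set(self, name, src, now):
        """--set: record the packet; always matches (the rules here have no target)."""
        self._record(self.lists[name][src], now)

    def check(self, name, src, now, seconds, hitcount, update=False):
        """--rcheck/--update: match if >= hitcount recorded hits fall in the window;
        the current packet is not counted, but --update records it on a match."""
        stamps = self.lists[name][src]
        matched = sum(1 for t in stamps if now - t <= seconds) >= hitcount
        if matched and update:
            self._record(stamps, now)
        return matched


def paulo_ssh(r, src, now):
    """Paulo's FORWARD rules for one NEW SSH connection: --update, then --set."""
    if r.check("SSH", src, now, 60, 4, update=True):
        # REJECT-SSH chain: silent DROP once 10 hits are in the window, else LOG + REJECT
        return "DROP" if r.check("SSH", src, now, 60, 10) else "REJECT"
    r.set("SSH", src, now)
    return "CONTINUE"  # falls through to the rest of FORWARD


def jason_flood(r, src, now):
    """Jason's FLOOD chain for one NEW TCP connection: --set, then --update."""
    r.set("FLOOD", src, now)
    return "DROP" if r.check("FLOOD", src, now, 60, 8, update=True) else "CONTINUE"


def trace(rules, times, src="198.51.100.7"):
    """Verdict for each connection attempt (at the given seconds) from one source."""
    r = Recent()
    return [rules(r, src, t) for t in times]
```

Under this model, Paulo's ordering (`--update` before `--set`) starts rejecting on the fifth NEW connection within 60 s and drops silently from the tenth, Jason's (`--set` first) drops the eighth, and in both cases 60 s of silence clears the window.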
-- 
gentoo-hardened@g.o mailing list