Gentoo Archives: gentoo-hardened

From: Jason Booth <jbooth@××××××××××××××××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Re: Hardening SSHD
Date: Sun, 29 Oct 2006 17:51:41
Message-Id: 200610291051.40970.jbooth@hyperintelligent.net
In Reply to: Re: [gentoo-hardened] Re: Hardening SSHD by Paulo Roberto Candido dos Santos
On Wednesday 25 October 2006 11:08, Paulo Roberto Candido dos Santos wrote:
> Hello, I think you might find this useful:
>
> iptables -N REJECT-SSH
> iptables -A REJECT-SSH -j DROP -m recent --rcheck --name SSH --seconds 60 \
>   --hitcount 10
> iptables -A REJECT-SSH -j LOG --log-prefix SSH-Bruteforce:
> iptables -A REJECT-SSH -j REJECT -p tcp --reject-with tcp-reset
> iptables -A REJECT-SSH -j REJECT
>
> iptables -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent \
>   --update --name SSH --seconds 60 --hitcount 4 -j REJECT-SSH
> iptables -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent --set \
>   --name SSH
>
iptables -N FLOOD
iptables -I INPUT -p tcp -j FLOOD
iptables -A FLOOD -p tcp -m state --state NEW -m recent --name FLOOD --set
iptables -A FLOOD -p tcp -m state --state NEW -m recent --name FLOOD \
  --update --seconds 60 --hitcount 8 -j DROP

This would apply to all TCP services, SYN floods, and SYN port scans...

Cheers,
Jason

--
gpg public key: http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc
--
gentoo-hardened@g.o mailing list
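Both rule sets in this thread depend on how the `recent` match counts hits inside its `--seconds` window. The following is an added Python model of those semantics (`--set`, `--rcheck`, `--update`, and the per-source ring of 20 timestamps that xt_recent keeps by default), driven over the quoted SSH rules; it is not code from either poster, and the addresses and timings are constructed.

```python
# Added example (not from the thread): a model of the xt_recent semantics the
# quoted SSH rules rely on, run over constructed connection attempts.
from collections import deque


class RecentTable:
    """One '-m recent --name' list: per-source ring of the last 20 timestamps."""
    def __init__(self, max_stamps=20):
        self.max_stamps = max_stamps
        self.entries = {}

    def set(self, src, now):
        """--set: create the entry if needed and record this packet's time."""
        self.entries.setdefault(src, deque(maxlen=self.max_stamps)).append(now)

    def rcheck(self, src, now, seconds, hitcount):
        """--rcheck: match if >= hitcount packets were seen in the last 'seconds'."""
        stamps = self.entries.get(src, ())
        return sum(1 for t in stamps if now - t <= seconds) >= hitcount

    def update(self, src, now, seconds, hitcount):
        """--update: like --rcheck, but a match also records this packet's time,
        so continued attempts keep the block window alive."""
        matched = self.rcheck(src, now, seconds, hitcount)
        if matched:
            self.entries[src].append(now)
        return matched


def ssh_ruleset(attempts):
    """Apply the quoted FORWARD/REJECT-SSH rules to (time, src) NEW SYNs.
    Verdicts: ACCEPT (fell through), REJECT (logged + tcp-reset), DROP."""
    ssh = RecentTable()
    verdicts = []
    for now, src in sorted(attempts):
        if ssh.update(src, now, seconds=60, hitcount=4):        # -j REJECT-SSH
            if ssh.rcheck(src, now, seconds=60, hitcount=10):   # silent DROP
                verdicts.append((now, src, "DROP"))
            else:                                               # LOG, then REJECT
                verdicts.append((now, src, "REJECT"))
        else:
            ssh.set(src, now)                                   # --set --name SSH
            verdicts.append((now, src, "ACCEPT"))
    return verdicts


# Constructed traffic: one source probing once a second for 12 s, an unrelated
# client at t=5, and the same source retrying 54 s and then 64 s after its last probe.
ATTEMPTS = [(t, "198.51.100.7") for t in range(12)]
ATTEMPTS += [(5, "203.0.113.9"), (65, "198.51.100.7"), (75, "198.51.100.7")]

if __name__ == "__main__":
    for now, src, verdict in ssh_ruleset(ATTEMPTS):
        print(f"t={now:3d} {src:14} {verdict}")
```

The run shows the 5th probe within 60 s getting a logged reset, the 10th onwards being dropped silently, the retry at t=65 still counted because earlier hits are inside the window, and the retry at t=75 accepted once they have aged out.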