From: "Sadus ." <sadus@swiftbin.net>
To: Brent Clark <bclark@eccotours.dyndns.org>
Cc: netfilter@lists.netfilter.org
Subject: Re: SSH Brute force attacks
Date: Thu, 02 Jun 2005 19:13:50 +0300 [thread overview]
Message-ID: <1117728830.10257.15.camel@debianbox> (raw)
In-Reply-To: <42920563.7070406@eccotours.dyndns.org>
Is there a way to parse the attacker's IP and block it permanantly via:
iptables -A INPUT -s $IP -j DROP
and cat > /etc/hosts.deny ?
something close to what portsentry does, but using that SSH iptables
Brute force script.
This thread went big and confusion reigned on the latest version of the
Brute Force script, kindly post the latest/best iptable rules :)
thanks
On Mon, 2005-05-23 at 18:31 +0200, Brent Clark wrote:
> Taylor, Grant wrote:
> >> So... I cant see why I cant connect from a dynamically assigned ip.
> >
> >
> > Brent, I'll have to take a closer look at your script later on (complete
> > flow analysis vs just the SSH_Brute_Force chain). But for now it looks
> > like you have both versions (original and updated one) in your firewall,
> > this could be causing a few problems as I don't think it would take more
> > than one attempt in a 60 second period to get your self to the point
> > that you would be TARPITed / DROPed. However I think that you would be
> > able to connect at least 1 time from any dynamic remote IP in the 60
> > second period. Also keep in mind that the recent module (in the updated
> > version) is using an --update option which will keep track of the number
> > of times that you have tried to connect for 60 seconds after the last
> > connection attempt.
> >
>
> Hi Grant
>
> If you look carefully on the left, you will see I have hashed out the
> original rules.
>
> Thanks
>
> Kind Regards
> Brent Clark
>
--
Sadus . <sadus@swiftbin.net>
Swiftbin.net
next prev parent reply other threads:[~2005-06-02 16:13 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-06 15:57 SSH Brute force attacks Brent Clark
2005-05-06 16:40 ` Mogens Valentin
2005-05-06 19:29 ` R. DuFresne
2005-05-07 5:14 ` Taylor, Grant
2005-05-10 14:01 ` Eric Wood
2005-05-11 12:35 ` Brent Clark
2005-05-11 18:21 ` Taylor, Grant
2005-05-11 19:04 ` Pete Toscano
2005-05-11 19:15 ` Taylor, Grant
2005-05-11 19:30 ` Pete Toscano
2005-05-11 20:34 ` Jason Opperisano
2005-05-13 21:31 ` okay, I admit confusion here; R. DuFresne
2005-05-13 21:55 ` Jason Opperisano
2005-05-16 17:40 ` R. DuFresne
2005-05-16 20:55 ` Taylor, Grant
2005-05-16 21:05 ` Taylor, Grant
2005-05-14 7:02 ` SSH Brute force attacks Georgi Alexandrov
2005-05-14 15:47 ` Jason Opperisano
2005-05-15 20:12 ` Patrick Nelson
2005-05-17 0:49 ` Charlie Brady
2005-05-14 9:08 ` Łukasz Hejnak
2005-05-14 19:08 ` Taylor, Grant
2005-05-16 8:16 ` Łukasz Hejnak
2005-05-17 1:05 ` Charlie Brady
2005-05-17 5:00 ` Łukasz Hejnak
2005-05-17 5:19 ` Łukasz Hejnak
[not found] ` <42898402.10507@eccotours.dyndns.org>
2005-05-17 12:44 ` Łukasz Hejnak
2005-05-17 13:20 ` Brent Clark
2005-05-17 13:36 ` Sadus .
2005-05-17 16:06 ` Łukasz Hejnak
2005-05-17 15:21 ` Taylor, Grant
2005-05-18 12:39 ` Brent Clark
2005-05-19 4:55 ` Taylor, Grant
2005-05-19 9:05 ` Brent Clark
2005-05-19 14:39 ` Taylor, Grant
2005-05-20 13:01 ` Brent Clark
2005-05-20 14:53 ` Taylor, Grant
2005-05-23 16:31 ` Brent Clark
2005-06-02 16:13 ` Sadus . [this message]
2005-06-02 16:43 ` Taylor, Grant
2005-06-02 19:18 ` Sadus .
2005-06-13 14:39 ` Taylor, Grant
2005-06-13 16:17 ` Patrick Nelson
2005-06-13 16:27 ` /dev/rob0
2005-06-13 19:00 ` R. DuFresne
2005-05-18 16:54 ` Jim Miller
2005-05-18 17:51 ` Łukasz Hejnak
2005-05-19 2:09 ` Taylor, Grant
2005-05-21 8:00 ` Пётр Волков Александрович
2005-05-21 22:37 ` Taylor, Grant
2005-05-22 7:11 ` Пётр Волков Александрович
2005-05-22 10:09 ` Marius Mertens
2005-05-22 10:57 ` Łukasz Hejnak
2005-05-23 16:14 ` Taylor, Grant
2005-05-17 6:55 ` Taylor, Grant
[not found] ` <1116333615.24331.4.camel@debianbox>
2005-05-17 15:25 ` Taylor, Grant
2005-05-23 16:53 ` Taylor, Grant
2005-05-24 16:19 ` Marius Mertens
2005-05-25 5:35 ` Brent Clark
2005-05-25 8:48 ` Marius Mertens
2005-05-25 18:10 ` Taylor, Grant
2005-05-26 11:17 ` Brent Clark
2005-05-31 4:12 ` Taylor, Grant
2005-05-31 10:06 ` Brent Clark
2005-05-31 14:17 ` Taylor, Grant
2005-05-28 23:24 ` Sebastian Siewior
2005-05-29 1:01 ` Taylor, Grant
2005-05-07 5:32 ` Taylor, Grant
2005-05-08 15:20 ` Alistair Tonner
2005-05-08 18:51 ` Dwayne Hottinger
2005-05-08 22:57 ` Alexander Samad
2005-05-09 5:41 ` Taylor, Grant
2005-05-09 5:46 ` Taylor, Grant
2005-06-02 18:26 ` SSH Brute force attacks - Script version 1.0 Taylor, Grant
2005-07-25 19:41 ` Steven M Campbell
2005-07-26 6:18 ` Jan Engelhardt
-- strict thread matches above, loose matches on Subject: below --
2005-05-06 22:03 SSH Brute force attacks Gary W. Smith
2005-05-11 13:20 Alireza Yazdani
2005-05-11 19:49 zeus
2005-05-19 14:48 info
2005-05-19 15:01 ` Andrew Schulman
2005-05-19 15:31 info
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1117728830.10257.15.camel@debianbox \
--to=sadus@swiftbin.net \
--cc=bclark@eccotours.dyndns.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.