From: Stephen Gray <stephen.gray@anu.edu.au>
To: netfilter@lists.netfilter.org
Subject: Preventing login scripts with recent module
Date: Thu, 06 Jul 2006 16:42:54 +1000
Message-ID: <44ACB0EE.5000402@anu.edu.au>

Hi everyone,

I'm trying to set up iptables to drop packets from people running 
scripts that make repeated attempts to log in using different 
usernames/passwords. I'm new to iptables so would appreciate some help.

I found the following firewall rules somewhere which are supposed to 
drop packets from people who connect 4 or more attempts within 5 
minutes (from /etc/sysconfig/iptables):

[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m 
recent --set --name SSH_RECENT --rsource
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m 
recent --update --seconds 300 --hitcount 4 --name SSH_RECENT --rsource 
-j DROP

For some reason this worked for a day or so (4 attempts within 5 mins 
and I'm locked out for 5 mins) then inexplicably stopped working. I now 
find that I'm locked out straight away - even if this is my first 
attempt to connect for 24 hours. If I remove the above lines from the 
iptables file and restart I can log in; if I add them back in I'm locked 
out.

As far as I can tell from the docs the above rules are correct. Can 
anyone tell me what the problem might be?

Thanks very much,
Steve
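A small model of how those two rules behave, added here as an example and not part of the original thread. It encodes the xt_recent semantics the rules rely on (every NEW SYN to port 22 adds a timestamp for the source via --set; --update matches when at least --hitcount stamps fall inside --seconds and, on a match, adds one more stamp before the DROP), and walks a constructed sequence of connection attempts from a constructed source address through them.

```python
# Added example, not from the original post: model the two posted rules
#   -m recent --set --name SSH_RECENT --rsource
#   -m recent --update --seconds 300 --hitcount 4 --name SSH_RECENT --rsource -j DROP
from collections import deque

HITCOUNT = 4   # --hitcount 4
WINDOW = 300   # --seconds 300
RING = 20      # xt_recent keeps at most ip_pkt_list_tot (default 20) stamps per address


class RecentTable:
    """Per-source-address timestamp ring, like the SSH_RECENT list."""

    def __init__(self):
        self.stamps = {}

    def set(self, src, now):
        # --set: record a timestamp, creating the entry on first sight
        self.stamps.setdefault(src, deque(maxlen=RING)).append(now)

    def update(self, src, now):
        # --update: match when HITCOUNT or more stamps lie within WINDOW seconds;
        # a match also records another stamp, which is what keeps a lockout alive
        ring = self.stamps.get(src)
        if ring is None:
            return False
        hits = sum(1 for t in ring if now - t <= WINDOW)
        if hits >= HITCOUNT:
            ring.append(now)
            return True
        return False


def new_ssh_connection(table, src, now):
    """Walk one NEW SYN through both rules in order; returns 'ACCEPT' or 'DROP'."""
    table.set(src, now)           # rule 1 fires on every new connection
    return "DROP" if table.update(src, now) else "ACCEPT"


def simulate(times, src="192.0.2.10"):
    """Constructed scenario: connection attempts at the given offsets in seconds."""
    table = RecentTable()
    return [new_ssh_connection(table, src, t) for t in times]


if __name__ == "__main__":
    # 4th attempt within 300 s is dropped; retrying at 250 s stays dropped;
    # after the window has fully expired (600 s) the source is accepted again
    for t, verdict in zip([0, 10, 20, 30, 250, 600], simulate([0, 10, 20, 30, 250, 600])):
        print(f"t={t:4d}s  {verdict}")
```

Because a matching --update adds a stamp, an attempt at 320 s after hits at 0, 10, 20 and 30 s is still dropped (the model shows this), so retrying while blocked extends the block; the live list can be inspected under /proc/net/xt_recent/SSH_RECENT (older kernels: /proc/net/ipt_recent/SSH_RECENT). The model does not reproduce an immediate lockout on a first connection after 24 hours, so that symptom comes from something outside these two rules.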

