From: "Łukasz Hejnak" <sziftgroup@wp.pl>
To: netfilter@lists.netfilter.org
Subject: Re: SSH Brute force attacks
Date: Sat, 14 May 2005 11:08:38 +0200 [thread overview]
Message-ID: <4285C016.2060900@wp.pl> (raw)
In-Reply-To: <42824D1E.7040508@riverviewtech.net>
Taylor, Grant wrote:
>> Thanks to Grant for the info above, but for some funny reason I cant
>> get the following to work
>>
>> iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds
>> 60 -m recent --hitcount 4 --set --name SSH -j RETURN
>>
>> this what I get back:
>> =====================
>> [root@abc root]# iptables -A SSH_Brute_Force -m recent --name SSH !
>> --rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
>> iptables v1.2.9: Unknown arg `4'
>> Try `iptables -h' or 'iptables --help' for more information.
>> [root@ns root]#
> I'm betting that you don't have the "recent" match extension compiled in
> to the kernel directly or as a module. Try "iptables -m recent -h" to
> see if you get any output talking about recent at the bottom or if it
> complains. I don't think that the recent extension is in the base
> kernel and thus you will have to apply some patches via p-o-m to the
> kernel and iptables and recompile your self. Once you have support for
> the recent match extension you should be able to do what I have
> suggested. If you need help just ask.
Hi
I just thought I'll join in, cause I have a similar problem, but the
rest of this discussion doesn't solve it.
Like in above I have
#iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds
60 -m recent --hitcount 4 --set --name SSH -j RETURN
iptables v1.3.1: Unknown arg `4'
Try `iptables -h' or 'iptables --help' for more information.
and the iptables -m recent --help gives
#iptables -m recent --help
iptables v1.3.1
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
<cut here>
[!] --version -V print package version.
recent v1.3.1 options:
[!] --set Add source address to list, always matches.
[!] --rcheck Match if source address in list.
<cut again>
--rdest Match/Save the destination address of
each packet in the recent list table.
ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>.
http://snowman.net/projects/ipt_recent/
I have the 'recent match' compiled into the kernel as a module
and I had recompiled the kernel and then the iptables, and still the
above apears when executing.
Any ideas to what can be wrong here?
I'm on a HLFS system (april svn) and my kernel is now 2.6.11.9-grsec,
as I updated it to see if it's related to the problem.
The iptables I use was downloaded yesterday via svn
Also I understand that a `iptables -N SSH_Brute_Force` is mutedly
assumed? or maybe I'm missing something bigger here?
--
With regards
£ukasz Hejnak
next prev parent reply other threads:[~2005-05-14 9:08 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-06 15:57 SSH Brute force attacks Brent Clark
2005-05-06 16:40 ` Mogens Valentin
2005-05-06 19:29 ` R. DuFresne
2005-05-07 5:14 ` Taylor, Grant
2005-05-10 14:01 ` Eric Wood
2005-05-11 12:35 ` Brent Clark
2005-05-11 18:21 ` Taylor, Grant
2005-05-11 19:04 ` Pete Toscano
2005-05-11 19:15 ` Taylor, Grant
2005-05-11 19:30 ` Pete Toscano
2005-05-11 20:34 ` Jason Opperisano
2005-05-13 21:31 ` okay, I admit confusion here; R. DuFresne
2005-05-13 21:55 ` Jason Opperisano
2005-05-16 17:40 ` R. DuFresne
2005-05-16 20:55 ` Taylor, Grant
2005-05-16 21:05 ` Taylor, Grant
2005-05-14 7:02 ` SSH Brute force attacks Georgi Alexandrov
2005-05-14 15:47 ` Jason Opperisano
2005-05-15 20:12 ` Patrick Nelson
2005-05-17 0:49 ` Charlie Brady
2005-05-14 9:08 ` Łukasz Hejnak [this message]
2005-05-14 19:08 ` Taylor, Grant
2005-05-16 8:16 ` Łukasz Hejnak
2005-05-17 1:05 ` Charlie Brady
2005-05-17 5:00 ` Łukasz Hejnak
2005-05-17 5:19 ` Łukasz Hejnak
[not found] ` <42898402.10507@eccotours.dyndns.org>
2005-05-17 12:44 ` Łukasz Hejnak
2005-05-17 13:20 ` Brent Clark
2005-05-17 13:36 ` Sadus .
2005-05-17 16:06 ` Łukasz Hejnak
2005-05-17 15:21 ` Taylor, Grant
2005-05-18 12:39 ` Brent Clark
2005-05-19 4:55 ` Taylor, Grant
2005-05-19 9:05 ` Brent Clark
2005-05-19 14:39 ` Taylor, Grant
2005-05-20 13:01 ` Brent Clark
2005-05-20 14:53 ` Taylor, Grant
2005-05-23 16:31 ` Brent Clark
2005-06-02 16:13 ` Sadus .
2005-06-02 16:43 ` Taylor, Grant
2005-06-02 19:18 ` Sadus .
2005-06-13 14:39 ` Taylor, Grant
2005-06-13 16:17 ` Patrick Nelson
2005-06-13 16:27 ` /dev/rob0
2005-06-13 19:00 ` R. DuFresne
2005-05-18 16:54 ` Jim Miller
2005-05-18 17:51 ` Łukasz Hejnak
2005-05-19 2:09 ` Taylor, Grant
2005-05-21 8:00 ` Пётр Волков Александрович
2005-05-21 22:37 ` Taylor, Grant
2005-05-22 7:11 ` Пётр Волков Александрович
2005-05-22 10:09 ` Marius Mertens
2005-05-22 10:57 ` Łukasz Hejnak
2005-05-23 16:14 ` Taylor, Grant
2005-05-17 6:55 ` Taylor, Grant
[not found] ` <1116333615.24331.4.camel@debianbox>
2005-05-17 15:25 ` Taylor, Grant
2005-05-23 16:53 ` Taylor, Grant
2005-05-24 16:19 ` Marius Mertens
2005-05-25 5:35 ` Brent Clark
2005-05-25 8:48 ` Marius Mertens
2005-05-25 18:10 ` Taylor, Grant
2005-05-26 11:17 ` Brent Clark
2005-05-31 4:12 ` Taylor, Grant
2005-05-31 10:06 ` Brent Clark
2005-05-31 14:17 ` Taylor, Grant
2005-05-28 23:24 ` Sebastian Siewior
2005-05-29 1:01 ` Taylor, Grant
2005-05-07 5:32 ` Taylor, Grant
2005-05-08 15:20 ` Alistair Tonner
2005-05-08 18:51 ` Dwayne Hottinger
2005-05-08 22:57 ` Alexander Samad
2005-05-09 5:41 ` Taylor, Grant
2005-05-09 5:46 ` Taylor, Grant
2005-06-02 18:26 ` SSH Brute force attacks - Script version 1.0 Taylor, Grant
2005-07-25 19:41 ` Steven M Campbell
2005-07-26 6:18 ` Jan Engelhardt
-- strict thread matches above, loose matches on Subject: below --
2005-05-06 22:03 SSH Brute force attacks Gary W. Smith
2005-05-11 13:20 Alireza Yazdani
2005-05-11 19:49 zeus
2005-05-19 14:48 info
2005-05-19 15:01 ` Andrew Schulman
2005-05-19 15:31 info
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4285C016.2060900@wp.pl \
--to=sziftgroup@wp.pl \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox