SSH2
Cleber P. de Souza
cleberps at gmail.com
Wed Apr 6 11:29:36 UTC 2005
There is some work on preventing this SSH attack by using port knocking
techniques with iptables.
With it, you will need to probe another port of the admin's choice before
making the ssh connection. This doesn't prevent all the attacks, but it
will block all the script kiddies.
Look at: http://www.soloport.com/iptables.html and http://www.portknocking.org/
On Apr 6, 2005 1:09 AM, Mike Klinke <mklinke at axsi.com> wrote:
> On Tuesday 05 April 2005 17:43, Chris W. Parker wrote:
> > I wonder why though the firewall (iptables) doesn't automatically
> > block ip addresses after say 20 failed attempts? Is this
> > possible?
>
> You can run sshd via xinetd for access to various filtering. For
> example you can specify:
>
> per_source ---
>
> Takes an integer or "UNLIMITED" as an argument. This specifies the
> maximum instances of this service per source IP address.
>
> cps ---
>
> Limits the rate of incoming connections. Takes two arguments.
> The first argument is the number of connections per second to
> handle. If the rate of incoming connections is higher than this,
> the service will be temporarily disabled. The second argument is
> the number of seconds to wait before re-enabling the service after
> it has been disabled.
>
> only_from ---
>
> Limit connection to certain addresses.
>
> and others ----
>
> see "man xinetd.conf"
>
> Example /etc/xinetd.d/ssh file:
>
> service ssh
> {
> disable = no
> socket_type = stream
> type = UNLISTED
> port = 22
> protocol = tcp
> wait = no
> user = root
> server = /usr/sbin/sshd
> server_args = -i -u0
> only_from = <ip address/range>
> }
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
Cleber P. de Souza
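The port-knocking idea above, written out as an iptables ruleset with the "recent" match. This is an added example, not code from either poster or from the linked pages; the knock ports 7000, 8000 and 9000 are constructed values, the chain names are my own, and the script assumes the chains do not already exist (flush or delete them before re-running). With DRY_RUN=1 it prints the commands instead of executing them, so the ruleset can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the thread): iptables port knocking in front of sshd.
# A source must connect to K1, then K2, then K3 (each within 10 s of the last)
# to be allowed one NEW connection to the ssh port during the next 30 s.
# DRY_RUN=1 prints the rules instead of applying them.

rule() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# knock_rules K1 K2 K3 SSHPORT
knock_rules() {
    k1=$1; k2=$2; k3=$3; ssh=$4

    for c in KNOCKING GATE1 GATE2 GATE3 PASSED; do
        rule -N "$c"
    done

    # Packets belonging to connections already allowed bypass the knock logic.
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only NEW TCP connections to the knock ports or the ssh port enter the
    # state machine; everything else falls through to the existing policy.
    rule -A INPUT -p tcp -m conntrack --ctstate NEW \
        -m multiport --dports "$k1,$k2,$k3,$ssh" -j KNOCKING

    # Dispatch on how far this source address has got through the sequence.
    # The "recent" lists are keyed by source IP.
    rule -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH3 -j PASSED
    rule -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH2 -j GATE3
    rule -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH1 -j GATE2
    rule -A KNOCKING -j GATE1

    # GATE1: first knock records the source in AUTH1; everything else is dropped.
    rule -A GATE1 -p tcp --dport "$k1" -m recent --name AUTH1 --set -j DROP
    rule -A GATE1 -j DROP
    # GATE2: second knock advances to AUTH2; any other port restarts the sequence.
    rule -A GATE2 -m recent --name AUTH1 --remove
    rule -A GATE2 -p tcp --dport "$k2" -m recent --name AUTH2 --set -j DROP
    rule -A GATE2 -j GATE1
    # GATE3: third knock advances to AUTH3.
    rule -A GATE3 -m recent --name AUTH2 --remove
    rule -A GATE3 -p tcp --dport "$k3" -m recent --name AUTH3 --set -j DROP
    rule -A GATE3 -j GATE1
    # PASSED: one-shot grant; the token is consumed, then the ssh SYN is accepted.
    rule -A PASSED -m recent --name AUTH3 --remove
    rule -A PASSED -p tcp --dport "$ssh" -j ACCEPT
    rule -A PASSED -j GATE1
}

# Number of -A rules the ruleset would install (dry-run helper for review).
count_rules() {
    DRY_RUN=1 knock_rules "$@" | grep -c '^iptables -A '
}

# Stand-alone use: print the ruleset for review.
DRY_RUN=1 knock_rules 7000 8000 9000 22
```

Two things worth keeping in mind when deploying this: the "recent" lists are keyed by source address, so every host behind one NAT shares the same knock state, and the knock sequence itself travels in clear and is visible to anyone on the path. It is a filter that keeps automated scanners away from sshd, not an authentication step, which is exactly the "won't stop everyone, will stop the script kiddies" trade-off described above.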
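On the original question of blocking an address after a number of failed attempts: the firewall has no idea which connections failed authentication, only sshd's log does, so the usual approach is a log check that feeds the firewall. The script below is an added example, not from anyone in the thread; the log lines are constructed samples in OpenSSH's syslog format with placeholder hostnames and addresses, and the threshold is a parameter.

```shell
#!/bin/sh
# Added example (not from the thread): list source addresses with at least
# THRESHOLD "Failed password" entries in an sshd log. A cron job or log
# watcher would run this and hand the result to a DROP rule.

# Constructed sample log (not real data).
SAMPLE_LOG=$(cat <<'EOF'
Apr  6 11:01:02 bastion sshd[2011]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Apr  6 11:01:04 bastion sshd[2012]: Failed password for root from 192.0.2.10 port 40123 ssh2
Apr  6 11:01:05 bastion sshd[2013]: Failed password for root from 192.0.2.10 port 40124 ssh2
Apr  6 11:02:10 bastion sshd[2020]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Apr  6 11:02:30 bastion sshd[2021]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Apr  6 11:03:00 bastion sshd[2030]: Failed password for invalid user test from 203.0.113.9 port 33000 ssh2
Apr  6 11:03:01 bastion sshd[2031]: Failed password for invalid user guest from 203.0.113.9 port 33001 ssh2
EOF
)

# failed_by_source THRESHOLD < log
# Prints "count address" for every source with >= THRESHOLD failures, highest
# first. Only "Failed password ... from <addr>" lines count, so a legitimate
# user who mistypes once (198.51.100.7 above) is not swept up.
failed_by_source() {
    threshold=$1
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (a in n) if (n[a] >= t) printf "%d %s\n", n[a], a }
    ' | sort -rn
}

# offenders THRESHOLD < log
# Just the addresses, one per line, ready for "iptables -I INPUT -s ADDR -j DROP".
offenders() {
    failed_by_source "$1" | awk '{ print $2 }'
}

# Stand-alone run: threshold of 2 on the constructed log.
printf '%s\n' "$SAMPLE_LOG" | failed_by_source 2
```

In practice the threshold would be the 20 mentioned in the question and the window would be bounded (rotate the log or compare timestamps) so that old failures do not block an address forever; tools such as fail2ban automate exactly this log-to-firewall loop. Note that only the "Failed password" line form is matched here; sshd logs other failure forms too, so a production check should cover those as well.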