Block brute force attacks with iptables

Feb 1, 2012 · Linux Networking

I have just checked ssh logs from my server and found lots of records like this:

Jan 30 17:01:51 alpha sshd[17415]: Invalid user mick from 50.56.220.16

Brute force attack on my SSH server! So, what can we do to block this attack? Easy: we can do it with iptables and the recent module (the xt_recent module should be compiled with the kernel).

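# Create a dedicated chain for new SSH connections
$> iptables -N SSH
# Drop the packet when its source already has 3 or more recorded hits within the last 180 seconds
$> iptables -A SSH -m recent --name ssh --update --seconds 180 --hitcount 3 -j DROP
# Otherwise record the source address in the "ssh" list and return to INPUT
$> iptables -A SSH -m recent --name ssh --set
# Send every new TCP connection to port 22 through the SSH chain
$> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH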
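
To see what these two rules do to a stream of connections, here is a small model of the SSH chain, added as an illustration and not part of the original post. It assumes xt_recent's documented behaviour (--update adds a timestamp only when the rule matches, --set always adds one, 20 timestamps kept per address by default); the connection times and the address 192.0.2.10 are constructed sample data.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 180, 3   # values from the rules on this page
PKT_LIST_TOT = 20            # assumed xt_recent default: timestamps kept per address


def simulate(connections):
    """Model the SSH chain for NEW packets to port 22.

    connections: iterable of (time_in_seconds, source_ip).
    Returns a list of (time, ip, verdict); verdict is "DROP" or "PASS"
    (PASS = packet returns to INPUT and continues with the remaining rules).
    """
    stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))
    verdicts = []
    for now, ip in sorted(connections):
        seen = stamps[ip]
        # Rule 1: --update --seconds 180 --hitcount 3 -j DROP
        hits = sum(1 for t in seen if t >= now - SECONDS)
        if hits >= HITCOUNT:
            seen.append(now)          # a dropped attempt is recorded too
            verdicts.append((now, ip, "DROP"))
            continue
        # Rule 2: --set records the attempt, no target, chain ends
        seen.append(now)
        verdicts.append((now, ip, "PASS"))
    return verdicts


# Constructed sample: a scanner hammering the port, then returning later,
# and an administrator opening four sessions within one minute.
SAMPLE = (
    [(t, "50.56.220.16") for t in (0, 10, 20, 30, 40, 50, 400)]
    + [(t, "192.0.2.10") for t in (5, 15, 25, 35)]
)

if __name__ == "__main__":
    for when, src, verdict in simulate(SAMPLE):
        print(f"t={when:>3}s  {src:<14} {verdict}")
```

The model shows two things worth knowing before deploying the rules: the first three connections from any address always get through, and the limit counts connections rather than failed logins, so a legitimate user who opens a fourth session inside the window is dropped as well.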