Block brute force attacks with iptables

Feb 1, 2012 00:00 · 98 words · 1 minute read Linux Networking

I have just checked ssh logs from my server and found lots of records like this:

Jan 30 17:01:51 alpha sshd[17415]: Invalid user mick from

Brut force attack on my SSH server! So, what can we do to block this attack? Easy - we can do it with iptables and recent module (xt_recent module should be compiled with kernel).

$>iptables -N SSH
$>iptables -A SSH -m recent --name ssh --update --seconds 180 --hitcount 3 -j DROP
$>iptables -A SSH -m recent --name ssh --set
$>iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH