[mythtv-users] Semi-OT: Blocking Brute Force SSH attacks

Tim Fenn fenn at stanford.edu
Sat Oct 20 22:56:34 UTC 2007


On Fri, 19 Oct 2007 19:32:09 -0400 Mike Poublon
<poublon at geeksoft.dyndns.org> wrote:

> Jay R. Ashworth wrote:
> > If you've tunneled SSH traffic through to your Mythbox, you're
> > likely the target of brute-force SSH attacks, some of which might
> > well work.
> >
> > The most elegant solution I've found so far is here:
> >
> > 	http://www.la-samhna.de/library/brutessh.html#5
> >
> > This won't block attacks that "know" about a specific bug in your
> > sshd, so you need to stay updated, but for the dictionary attacks
> > it will work nicely, and it'll sure keep your logs from growing
> > without bounds...
> >
> > Cheers,
> > -- jra
> I've created a small php webpage that I run on my linux router that
> lets me log in and dynamically add a rule to iptables on the fly with
> a single click of a button. This way, as long as I can browse the web
> I can get SSH access.
> 

You can do everything in iptables - forget denyhosts or external
scripts:

/sbin/iptables -N SSH
/sbin/iptables -F SSH
# record the source address of every packet entering the chain
/sbin/iptables -A SSH -m recent --name SSH --set --rsource
# never police traffic that did not arrive on the external interface
# (the original used the older "-i ! ${IFext}" form; "! -i" is the current syntax)
/sbin/iptables -A SSH ! -i ${IFext} -j RETURN
# fewer than 3 hits in the last 60 seconds: return and let it through
/sbin/iptables -A SSH -m recent ! --rcheck --seconds 60 --hitcount 3 \
    --name SSH --rsource -j RETURN
# DUMP is a user-defined chain not shown here (assumed to log and DROP)
/sbin/iptables -A SSH -j DUMP

(IFext is my external interface).

then just jump to the rule chain, and accept the packet if it makes it
through:

/sbin/iptables -A INPUT -p tcp -i ${IFext} --dport ssh \
    -m state --state NEW -j SSH
/sbin/iptables -A INPUT -p tcp -i ${IFext} --dport ssh -j ACCEPT

HTH,
Tim

-- 
CAPS LOCK IS THE CRUISE CONTROL OF AWESOMNESS
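The rule set from the message above assembled into one script, as an added example that is not part of the original post: it defines the DUMP chain (which the post names but does not show, so its log-and-drop definition is an assumption), uses the current `! -i` negation syntax, and takes `IFext` and `IPT` from the environment so that `IPT=echo` prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original post: the recent-module rate limit
# as one script, with the DUMP chain defined and a dry-run mode.
# Assumptions: IFext is the external interface (eth0 here if unset); IPT
# is the iptables binary, and IPT=echo prints rules instead of applying.
IFext="${IFext:-eth0}"
IPT="${IPT:-/sbin/iptables}"

# DUMP: log-and-drop target.  The post uses the name but does not show
# the chain, so this definition is an assumption.  The LOG rule is itself
# rate-limited so a flood cannot fill the log these rules exist to protect.
define_dump_chain() {
    $IPT -N DUMP
    $IPT -F DUMP
    $IPT -A DUMP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "SSH-BRUTE: " --log-level 4
    $IPT -A DUMP -j DROP
}

# SSH: the policing chain.  Order matters: --set records the current
# connection before --rcheck counts it, so the third NEW connection from
# one source within 60 s is the first to fall through to DUMP, and every
# later attempt refreshes the timestamp, which keeps the block in place.
define_ssh_chain() {
    $IPT -N SSH
    $IPT -F SSH
    $IPT -A SSH -m recent --name SSH --set --rsource
    # traffic not arriving on the external interface is never policed
    $IPT -A SSH ! -i "$IFext" -j RETURN
    # fewer than 3 hits in the last 60 s: let the connection through
    $IPT -A SSH -m recent ! --rcheck --seconds 60 --hitcount 3 \
        --name SSH --rsource -j RETURN
    $IPT -A SSH -j DUMP
}

# INPUT: only NEW SSH connections on the external interface enter the
# SSH chain; whatever returns from it (and established traffic) is accepted.
hook_input_chain() {
    $IPT -A INPUT -p tcp -i "$IFext" --dport ssh -m state --state NEW -j SSH
    $IPT -A INPUT -p tcp -i "$IFext" --dport ssh -j ACCEPT
}

build_ssh_limit() {
    define_dump_chain
    define_ssh_chain
    hook_input_chain
}

# Apply only when explicitly asked; otherwise the script just defines the
# functions, so it can be sourced or dry-run with IPT=echo.
if [ "${1:-}" = "apply" ]; then
    build_ssh_limit
fi
```

Run `IPT=echo sh ssh-limit.sh apply` to see the exact rules that would be issued, and `sh ssh-limit.sh apply` as root to install them. A legitimate user who mistypes a password three times within a minute is dropped silently rather than refused, so the failure mode is a 60-second wait, not a lockout that needs an administrator.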

