UnixServerAdmin

Server Administration & Management

Securing SSH against brute-force attacks

With iptables and its "recent" match, we can rate-limit new SSH connections per source IP and so protect the SSH server against brute-force password guessing.

:- Create a new chain that will hold the trusted-host exceptions:

# iptables -N SSH_WHITELIST

:- On the INPUT chain, record the source of every new SSH connection in the recent list named SSH (the SSH 'tag'):

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH

:- Push new SSH connections through the SSH_WHITELIST chain:

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST

:- Limit each source IP to 4 new connections per 60 seconds; to be stricter, use 300 seconds.
:- Log connections that go over this limit, then drop the packets (the ULOG rule must come before the DROP rule, since DROP ends processing):

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

:- In the SSH_WHITELIST chain, check source IPs: if they match trusted hosts, remove the SSH 'tag' and accept the traffic.

# iptables -A SSH_WHITELIST -s 10.0.1.1 -m recent --remove --name SSH -j ACCEPT

# iptables -A SSH_WHITELIST -s 192.168.88.0/24 -m recent --remove --name SSH -j ACCEPT

:- Save the rules and make the firewall service start at boot:

# /etc/init.d/iptables save

# chkconfig iptables on
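As an added example, not part of the original post, here is the same rule set packaged as an idempotent POSIX shell function with the port, the time window, the hit count and the trusted sources as parameters. It assumes iptables is on the PATH and that it runs as root; setting DRY_RUN=1 prints the rules instead of applying them, so the result can be reviewed first. Two things differ from the commands above: each rule is checked with `iptables -C` before being appended, so re-running the script never creates duplicates, and logging goes to NFLOG (collected with ulogd2) rather than ULOG, because the ULOG target was removed from the Linux kernel in 3.17. The function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): the post's per-source SSH rate
# limit as an idempotent, parameterised shell function.
# Assumptions: iptables on the PATH and root privileges to apply the rules;
# DRY_RUN=1 prints the rules instead. NFLOG stands in for the post's ULOG
# target, which no longer exists in kernels 3.17 and later.

: "${DRY_RUN:=0}"
: "${IPTABLES:=iptables}"

# ipt ARGS... : run iptables, or print the command when DRY_RUN=1
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# add_rule CHAIN RULE... : append RULE to CHAIN unless an identical rule is
# already present (-C), so running the script twice does not duplicate rules
add_rule() {
    chain=$1
    shift
    if [ "$DRY_RUN" != 1 ] && "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    ipt -A "$chain" "$@"
}

# ssh_guard PORT WINDOW HITS [TRUSTED_SRC...]
#   Log and drop the HITS-th new connection from one source within WINDOW
#   seconds; sources given as TRUSTED_SRC (IP or CIDR) bypass the limit.
ssh_guard() {
    port=$1
    window=$2
    hits=$3
    shift 3

    # Chain for the trusted-host exceptions; ignore the error if it exists
    ipt -N SSH_WHITELIST 2>/dev/null || true

    # 1. Record every new connection to PORT in the "recent" list named SSH
    add_rule INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --set --name SSH
    # 2. Trusted sources clear their entry and are accepted in SSH_WHITELIST
    add_rule INPUT -p tcp --dport "$port" -m state --state NEW -j SSH_WHITELIST
    # 3. Log, then drop, the HITS-th hit within WINDOW seconds. --rttl also
    #    requires the TTL to match the packet that created the entry, so a
    #    spoofed burst cannot easily get a legitimate source blocked.
    add_rule INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --update --seconds "$window" --hitcount "$hits" --rttl --name SSH \
        -j NFLOG --nflog-prefix SSH_brute_force
    add_rule INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --update --seconds "$window" --hitcount "$hits" --rttl --name SSH \
        -j DROP

    # 4. Whitelist entries: remove the SSH tag and accept the connection
    for src in "$@"; do
        add_rule SSH_WHITELIST -s "$src" -m recent --remove --name SSH -j ACCEPT
    done
}

# Set SSH_GUARD_APPLY=1 in the environment to run with the post's values
# when this file is executed directly (e.g. DRY_RUN=1 SSH_GUARD_APPLY=1 sh ssh_guard.sh)
if [ "${SSH_GUARD_APPLY:-0}" = 1 ]; then
    ssh_guard 22 60 4 10.0.1.1 192.168.88.0/24
fi
```

Two caveats when deploying this. The rules only count and drop; they do not themselves allow SSH, so an ACCEPT rule for the port (or an ACCEPT default policy) must still follow them in INPUT, and a DROP default policy without such a rule locks everyone out. Second, on systems without the SysV iptables script, persist the rules with `iptables-save` (for example into /etc/sysconfig/iptables on RHEL-style hosts) instead of `/etc/init.d/iptables save`.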


September 7, 2011 - Posted by | Firewall, Security, SSH
