Hi,
to prevent scripted dictionary attacks to sshd I applied those iptables rules:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource

What I have done to totally thwart script-kiddy attacks against SSH is to:
1) Move sshd to another port, one higher than 5000
2) Configure SSH for RSA-KEY authentication ONLY, i.e. no PAM auth
3) Set up Fail2Ban to auto ip-table block ANY offending IPs after 5 tries.
Script kiddies assume ssh is on port 22, and most port scans don't go as high as 5000.
Since I implemented this strategy a month ago, I have seen ZERO attempts against SSH.
_______________________________________________
CentOS mailing list
CentOS@centos.org
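
Added example (not part of either poster's message): a simplified Python model of how the two `-m recent` rules in the first message treat a sequence of new connections to port 22, with `update=False` standing in for `--rcheck` for comparison. The addresses and timings are constructed, and the model ignores SYN retransmits and the module's per-entry timestamp limit.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 60, 4  # --seconds 60 --hitcount 4 from the posted rule

def simulate(packets, update=True):
    """Model the "SSH" recent list for NEW tcp/22 packets.

    packets: (time_s, source_ip) tuples. update=True models --update as
    posted; update=False models --rcheck (a drop does not add a timestamp).
    Returns a list of (time_s, source_ip, verdict).
    """
    stamps = defaultdict(list)  # source ip -> times recorded in the list
    verdicts = []
    for now, src in sorted(packets):
        seen = stamps[src]
        # Rule 1: match when >= HITCOUNT stamps fall in the last SECONDS.
        hits = sum(1 for t in seen if now - t <= SECONDS)
        if hits >= HITCOUNT:
            if update:
                seen.append(now)  # --update refreshes the entry on a match
            verdicts.append((now, src, "DROP"))
            continue
        # Rule 2: --set records the packet; with no -j it carries on down
        # the INPUT chain (shown here as PASS).
        seen.append(now)
        verdicts.append((now, src, "PASS"))
    return verdicts

def count(verdicts, src, verdict):
    return sum(1 for _, s, v in verdicts if s == src and v == verdict)

# Constructed traffic: a scripted client retrying every 5 s, then once more
# later, and an admin opening four sessions over a few minutes.
SCANNER, ADMIN = "203.0.113.7", "198.51.100.20"
TRAFFIC = [(t, SCANNER) for t in range(0, 100, 5)] + [(200, SCANNER)]
TRAFFIC += [(t, ADMIN) for t in (0, 30, 90, 150)]

if __name__ == "__main__":
    for label, mode in (("--update", True), ("--rcheck", False)):
        v = simulate(TRAFFIC, update=mode)
        print(label, "scanner pass/drop:",
              count(v, SCANNER, "PASS"), count(v, SCANNER, "DROP"),
              "admin drop:", count(v, ADMIN, "DROP"))
```

With `--update`, every dropped attempt refreshes the source's entry, so a client that keeps retrying stays blocked until it has been quiet for the full 60 seconds.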