[CentOS] Re: IPTables Blocking Brute Forcers

Thu Nov 16 18:36:50 UTC 2006
Steve Snyder <swsnyder at insightbb.com>

On Thursday 16 November 2006 12:10 pm, Brian Marshall wrote:
[snip]
> Does anyone have suggestions on how I can script IPTables or put some
> other security measure in place that could detect brute-forcing and
> reject from their IP?

You can use IPTables to limit the rate of connections.  I allow only 2 
connections from a given IP address within each 3 minute period.

That allows for a quick retry when I mis-type the password, but makes for 
a very sloooooooow brute force attack.  Most script kiddies aren't 
willing to put in that kind of time on a single target.  I hardly ever 
see more than 2 attempts to crack my box now.