[CentOS] Ideas for stopping ssh brute force attacks

Spiro Harvey, Knossos Networks Ltd spiro at knossos.net.nz
Mon Jul 21 21:30:16 UTC 2008

> iptables -N SSHSCAN
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
> iptables -A SSHSCAN -m recent --set --name SSH
> iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP

hey, this is awesome. we're currently filtering log files looking for 
multiple failed connections, then adding them to iptables for a few 
minutes. this is much cleaner. :)
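
The quoted rules, replayed as an added example (not part of the original post or thread): a simplified Python model of the `recent` match that shows which NEW connections to port 22 the SSHSCAN chain would drop. The source addresses and timings are constructed, and the 20-timestamp cap per address is an assumption based on the module's default `ip_pkt_list_tot`.

```python
from collections import defaultdict

SECONDS = 300      # --seconds 300
HITCOUNT = 3       # --hitcount 3
MAX_STAMPS = 20    # assumed per-address timestamp cap (module default ip_pkt_list_tot)


class RecentList:
    """Simplified model of the 'SSH' list kept by the recent match."""

    def __init__(self):
        self.stamps = defaultdict(list)   # source IP -> recorded timestamps

    def _record(self, src, now):
        self.stamps[src].append(now)
        del self.stamps[src][:-MAX_STAMPS]   # keep only the newest entries

    def new_connection(self, src, now):
        """Verdict of the SSHSCAN chain for one NEW packet to port 22."""
        # Rule 1: -m recent --set  (always records the source, has no target)
        self._record(src, now)
        # Rule 2: -m recent --update --seconds 300 --hitcount 3 -j DROP
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self._record(src, now)        # --update refreshes "last seen" on a match
            return "DROP"
        return "RETURN"                   # no match: back to the INPUT chain


def replay(events):
    """events: iterable of (seconds, source IP); returns one verdict per event."""
    table = RecentList()
    return [table.new_connection(src, t) for t, src in events]


if __name__ == "__main__":
    # Constructed traffic: 203.0.113.7 hammers port 22, 198.51.100.9 logs in twice.
    sample = [(0, "203.0.113.7"), (2, "203.0.113.7"), (4, "203.0.113.7"),
              (5, "198.51.100.9"), (6, "203.0.113.7"), (60, "198.51.100.9"),
              (400, "203.0.113.7")]
    for (t, src), verdict in zip(sample, replay(sample)):
        print(f"t={t:>4}s  {src:<13} {verdict}")
```

The third NEW connection from one source inside 300 seconds is dropped, which includes a legitimate user opening three sessions in quick succession, and the source is let through again once it has been quiet for 300 seconds.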


