[PLUG-TALK] Increased System Probes/Cracking Attempts
MJang
mike at mommabears.com
Wed Apr 28 18:58:27 UTC 2010
On Wed, 2010-04-28 at 06:18 -0700, Rich Shepard wrote:
> Starting yesterday we've been subjected to a flood of cracking attempts
> that are rejected by the firewall, about every minute or two. There have
> also been several thousand sshd attempts and more than 16K rejected e-mails
> yesterday alone. These numbers are much higher than I've seen before.
Dear Rich,
nmap scans and gets alternate ports far too quickly. I use the following
iptables firewall rules, which slow down cracking attempts to a crawl.
Of course, I also disable root SSH logins.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH --rsource -j DROP
Thanks,
Mike
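
Added example (not part of the original message): a simplified Python model of how the two "recent" rules above treat NEW connections to port 22, run over constructed traffic. The function name, the sample addresses and the "CONTINUE" verdict (the packet falls through to later rules not shown in the message) are assumptions, and the TTL comparison from --rttl is not modelled.

```python
# Added example: simplified model of the two "recent" rules quoted above.
from collections import defaultdict

SECONDS = 60     # --seconds 60
HITCOUNT = 3     # --hitcount 3


def simulate(events, seconds=SECONDS, hitcount=HITCOUNT):
    """events: iterable of (time_in_seconds, source_ip) for NEW packets to port 22.

    Returns a list of (time, source_ip, verdict), where verdict is "DROP" or
    "CONTINUE" (the packet falls through to the rest of the INPUT chain).
    """
    stamps = defaultdict(list)   # per-source timestamps, like the list named SSH
    verdicts = []
    for now, src in sorted(events):
        # Rule 1: --set records this source and always lets the packet continue.
        stamps[src].append(now)
        # Rule 2: count stamps seen within the last `seconds`, including this one.
        recent = [t for t in stamps[src] if now - t <= seconds]
        stamps[src] = recent     # older stamps can never count again
        if len(recent) >= hitcount:
            # --update matched: the entry is refreshed and the packet is dropped,
            # so a source that keeps retrying keeps extending its own block.
            stamps[src].append(now)
            verdicts.append((now, src, "DROP"))
        else:
            verdicts.append((now, src, "CONTINUE"))
    return verdicts


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = (
    [(t, "192.0.2.10") for t in (0, 5, 10, 15, 40, 80, 200)]   # rapid retries, then a pause
    + [(t, "198.51.100.7") for t in (0, 30, 120)]              # occasional admin logins
)

if __name__ == "__main__":
    for when, src, verdict in simulate(SAMPLE):
        print(f"t={when:>3}s  {src:<13} {verdict}")
```

In this model the third NEW connection inside 60 seconds is the first one dropped, and the source is admitted again only after its retries stop for a full window.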