[PLUG-TALK] Increased System Probes/Cracking Attempts

MJang mike at mommabears.com
Wed Apr 28 18:58:27 UTC 2010


On Wed, 2010-04-28 at 06:18 -0700, Rich Shepard wrote:
> Starting yesterday we've been subjected to a flood of cracking attempts
> that are rejected by the firewall, about every minute or two. There have
> also been several thousand sshd attempts and more than 16K rejected e-mails
> yesterday alone. These numbers are much higher than I've seen before.

Dear Rich, 

nmap scans and gets alternate ports far too quickly. I use the following
iptables firewall rules, which slow down cracking attempts to a crawl.
Of course, I also disable root SSH logins.

-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH --rsource -j DROP

Thanks,
Mike
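
Added example (not part of Mike's message): a small Python model of how the two "recent" rules above treat NEW connections to port 22, replayed over constructed traffic. It shows that the third attempt inside 60 seconds is dropped and that every dropped attempt restarts the 60-second window. The class and function names, the sample addresses and the stamp pruning are assumptions of this sketch, and --rttl is not modelled.

```python
from collections import defaultdict

SECONDS = 60    # --seconds 60
HITCOUNT = 3    # --hitcount 3


class RecentList:
    """Model of one 'recent' list (--name SSH), keyed by source address (--rsource)."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def new_connection(self, src, now):
        """Pass one NEW tcp/22 packet through both rules; return 'DROP' or 'CONTINUE'."""
        stamps = self.stamps[src]
        # Rule 1 (--set): always record the attempt; no -j target, so fall through.
        stamps.append(now)
        # Simplification: the kernel keeps a bounded history per address;
        # here stamps older than the window are simply pruned.
        stamps[:] = [t for t in stamps if t >= now - SECONDS]
        # Rule 2 (--update --seconds 60 --hitcount 3): match on >= 3 recent stamps.
        if len(stamps) >= HITCOUNT:
            # A matching --update records another stamp, so the window restarts.
            stamps.append(now)
            return "DROP"
        # Packet continues to whatever rules follow in the INPUT chain.
        return "CONTINUE"


def replay(events):
    """events: (time_in_seconds, source_ip) pairs in time order -> list of verdicts."""
    fw = RecentList()
    return [fw.new_connection(src, t) for t, src in events]


# Constructed sample traffic (addresses from the documentation ranges).
BRUTE_FORCE = [(t, "203.0.113.7") for t in range(0, 300, 10)]  # one try every 10 s
# A legitimate user who opens three sessions quickly, then retries while locked out.
ADMIN = [(t, "198.51.100.2") for t in (0, 5, 10, 40, 90, 151)]

if __name__ == "__main__":
    v = replay(BRUTE_FORCE)
    print("brute force:", v.count("CONTINUE"), "passed,", v.count("DROP"), "dropped")
    print("admin:", list(zip((t for t, _ in ADMIN), replay(ADMIN))))
```

The ADMIN trace is the operational caveat: retries at 40 s and 90 s are themselves dropped and extend the lockout, and access only returns after more than 60 quiet seconds.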