Slashdot Mirror


User: etm

etm's activity in the archive.

Stories
0
Comments
2

Comments · 2

  1. Re:iptables and ipchains scripts to limit SSH acce on New ssh Exploit in the Wild · · Score: 1

    Sorry, first post to /.; HTML format is the standard here and I'm too used to BBs with auto br.

    Let's try this again:

    Another temporary fix with iptables could be done with the recent module [1] by doing

    # record every SSH SYN for the source address in the SSHCHECK list
    iptables -A FORWARD -p TCP --dport 22 --syn -m recent --name SSHCHECK --set
    # drop once 20 hits fall inside the last 60 s; --update refreshes the entry on each match
    iptables -A FORWARD -p TCP -i eth0 --dport 22 --syn -m recent --hitcount 20 --update --name SSHCHECK --seconds 60 -j DROP

    This way more than 20 SYN connection attempts per minute per IP will lead to blacklisting for as long as the potential attacker keeps hammering with connections. After 60 seconds of inactivity the IP will be delisted from the blacklist. This could be useful as a script kiddie exploit will probably try lots of successive connections to cause the memory corruption.

    [1]: http://snowman.net/projects/ipt_recent/

  2. Re:iptables and ipchains scripts to limit SSH acce on New ssh Exploit in the Wild · · Score: 1

    Another temporary fix with iptables could be done with the recent module [1] by doing

    # record every SSH SYN for the source address in the SSHCHECK list
    iptables -A FORWARD -p TCP --dport 22 --syn -m recent --name SSHCHECK --set
    # drop once 20 hits fall inside the last 60 s; --update refreshes the entry on each match
    iptables -A FORWARD -p TCP -i eth0 --dport 22 --syn -m recent --hitcount 20 --update --name SSHCHECK --seconds 60 -j DROP

    This way more than 20 SYN connection attempts per minute per IP will lead to blacklisting for as long as the potential attacker keeps hammering with connections. After 60 seconds of inactivity the IP will be delisted from the blacklist. This could be useful as a script kiddie exploit will probably try lots of successive connections to cause the memory corruption.

    [1]: http://snowman.net/projects/ipt_recent/
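The two rules in the comments above rely on how the `recent` match counts hits inside its `--seconds` window, and on the difference between `--update` and `--rcheck`. The following is an added example, not code from the original post or from the ipt_recent project: a small model of the match semantics as documented for the kernel's xt_recent module (per source address, a ring of the newest `ip_pkt_list_tot` timestamps; `--set` records a hit; `--rcheck` matches when at least `--hitcount` stamps fall within the last `--seconds`; `--update` does the same and also records the current time when it matched). It runs the poster's rule order and two check-first variants over constructed SYN timelines (the source address `203.0.113.7` and the timing are made up) and renders each variant back into iptables commands.

```python
from collections import deque

SECONDS = 60            # --seconds window from the post
HITCOUNT = 20           # --hitcount threshold from the post
IP_PKT_LIST_TOT = 20    # module default: stamps kept per source; --hitcount may not exceed it


class RecentTable:
    """One named list (e.g. --name SSHCHECK): per source, a ring of the newest timestamps."""

    def __init__(self):
        self.stamps = {}

    def set(self, src, now):
        """--set: record a hit for src (always matches)."""
        self.stamps.setdefault(src, deque(maxlen=IP_PKT_LIST_TOT)).append(now)

    def check(self, src, now, update):
        """--rcheck / --update: match if at least HITCOUNT stamps lie within the
        last SECONDS; --update additionally records `now` when it matched."""
        ring = self.stamps.get(src)
        if ring is None:
            return False
        hits = sum(1 for t in ring if now - t <= SECONDS)
        matched = hits >= HITCOUNT
        if matched and update:
            ring.append(now)
        return matched


# A chain is a list of (recent option, target); target None means "match and fall through".
POST_ORDER = [("set", None), ("update", "DROP")]              # the two rules from the post
CHECK_FIRST_UPDATE = [("update", "DROP"), ("set", "ACCEPT")]  # check first, record only accepted SYNs
CHECK_FIRST_RCHECK = [("rcheck", "DROP"), ("set", "ACCEPT")]  # same, but the check does not refresh


def run_chain(rules, table, src, now, policy="ACCEPT"):
    """Walk the chain for one SYN from src at time `now`; return the verdict."""
    for kind, target in rules:
        if kind == "set":
            table.set(src, now)
            matched = True
        else:
            matched = table.check(src, now, update=(kind == "update"))
        if matched and target is not None:
            return target
    return policy


def simulate(rules, times, src="203.0.113.7"):
    """Verdict per SYN for one (hypothetical) source sending at the given times."""
    table = RecentTable()
    return [run_chain(rules, table, src, t) for t in times]


def verdict_counts(rules, times):
    verdicts = simulate(rules, times)
    return verdicts.count("ACCEPT"), verdicts.count("DROP")


def iptables_lines(rules, chain="INPUT", iface="eth0", name="SSHCHECK"):
    """Render a modelled chain as iptables commands (INPUT protects the host's own
    sshd; the post used FORWARD on a firewall in front of the SSH host)."""
    base = (f"iptables -A {chain} -i {iface} -p tcp --dport 22 --syn "
            f"-m recent --name {name}")
    window = f"--seconds {SECONDS} --hitcount {HITCOUNT}"
    opts = {"set": "--set", "rcheck": f"--rcheck {window}", "update": f"--update {window}"}
    return [f"{base} {opts[kind]}" + (f" -j {target}" if target else "")
            for kind, target in rules]


# Constructed traffic (seconds since start), not captured data:
HAMMER = [2 * i for i in range(150)]                       # one SYN every 2 s for five minutes
BURST_THEN_PAUSE = [2 * i for i in range(30)] + [88, 119]  # 30 SYNs in a minute, then retries
                                                           # 30 s and 61 s after the last one

if __name__ == "__main__":
    for label, rules in [("post order", POST_ORDER),
                         ("check first, --update", CHECK_FIRST_UPDATE),
                         ("check first, --rcheck", CHECK_FIRST_RCHECK)]:
        print(f"{label:24s} accepted/dropped over 5 min of hammering: {verdict_counts(rules, HAMMER)}")
    print("post order, retry after 30 s / 61 s quiet:", simulate(POST_ORDER, BURST_THEN_PAUSE)[-2:])
    print("\n".join(iptables_lines(CHECK_FIRST_UPDATE)))
```

Running it shows what the post describes and two details it glosses over. With the post's rule order every SYN is recorded before the check, so the 20th SYN inside a minute is already dropped (19 accepted, 131 dropped over five minutes of hammering); the check-first order lets exactly 20 through. With `--update` the blocked source stays blocked for as long as it keeps sending, because each matched SYN refreshes its entry; swap in `--rcheck` and the same attacker is merely throttled to about 20 SYNs per minute (100 of 150 get through), which is the wrong tool against an exploit that needs many connections. Two caveats for anyone deploying this: the address is never actually removed from the list when the window passes (entries stay until the list's own limit evicts them or the `/proc/net/xt_recent/` file is written to), it is the old hits ageing out of the 60 s window that lets the 61-second retry through; and `--hitcount` cannot exceed the module parameter `ip_pkt_list_tot` (default 20), so a higher threshold needs that parameter raised at module load.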