Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Iptables prevents ssh from brute force cracking

2025-02-26 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Recently, I played shadowsocks proxy on the Bluemix virtual machine provided by IBM for free. When I checked the log, I inadvertently found that many bad guys were violently cracking my ssh. It was really well-intentioned. I used key to log in, so I also wanted to stop this behavior. At first, it was a reject of a single ip, and then grep checked the log and found that many bad guys were doing sabotage, so I found the following sentence to stop it.

[root@/var/log/audit01:54] # grep fail / var/log/audit/audit.* | cut-d``-f11 | cut-dwindlers'- f2 | sort | uniq-c | sort-n-K1-r 14634 58.218.211.38 10228? 7621 "/ usr/sbin/sshd" 2055 222.186.56.5 1423 59.45.79.51 467 59.45.79.36 44.183.75 448 41.215.4.70 332 222 .186.52.158 312 218.65.30.92 183 103.31.80.226 182 5.10.78.52 174 mail.nairobiwater.co.ke 156 91.201.236.114 124 5.10.78.54 99 195.225.58.153 93 61.132.52.22 91 34.4e.0a05.ip4.static.sl-reverse.com 63 218.26.243.138 62 36.4e.0a05.ip4.static .sl-reverse.com 54 115.92.27.100 46 jsjty.com 45 45.64.97.51 22 201.238.210.145 21 213.136.91.9 18 193.169.86.77 15 62.212.73.196 12 112.74.35.46 12 109.169.48.140 iptables-I INPUT-p tcp-- dport 22-I eth0-m state-- state NEW-m recent-- Setiptables-I INPUT-p tcp-- dport 22-I eth0-m state-- state NEW-m recent-- update-- seconds 60-- hitcount 4-j DROP

The first sentence says that for foreign data, if it is the TCP protocol, the destination port number is 22, the network interface is eth0, and the status is a new connection, then add it to the recent list.

The second sentence says that for such a connection, if it is in the most recent list and reaches or exceeds four times in 60 seconds, the data is discarded. The-m in it means module. That is, if someone tries to log in to ssh four times a minute from an IP connection, it will be blacklisted and subsequent connections will be discarded.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Bad guys data logs login violence good intentions that is single slogan foreign meaning interface inadvertently time module status goal network behavior vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Redmi Shulou Tech Info Apple MySQL Docker vpn Microsoft Xiaomi Huawei NVidia Linux MariaDB macOS OPPO Reno Shulou Information Shulou Technology Redmi Shulou Tech Info Apple MySQL Docker vpn Microsoft Xiaomi Huawei NVidia Linux MariaDB macOS OPPO Reno Shulou Information Shulou Technology

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report