Comments on: Brute force password attacks on Linux over SSH http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/ "I felt a great disturbance in the Force, as if millions of peers suddenly cried out in terror and were suddenly silenced." Sun, 22 Oct 2006 16:31:52 +0100 http://wordpress.org/?v=2.8.4 hourly 1 By: Bob http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/comment-page-1/#comment-1482 Bob Sat, 02 Sep 2006 16:26:49 +0000 http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/#comment-1482 Actually, I use SCP all the time. Never have a problem with it, but usually tgz all the files prior to transfer. The SSH protocol may only make the initial connection to port 22 and then transfer to other ports for the additional connections - IIRC that's the way standard FTP works. Actually, I use SCP all the time. Never have a problem with it, but usually tgz all the files prior to transfer. The SSH protocol may only make the initial connection to port 22 and then transfer to other ports for the additional connections – IIRC that’s the way standard FTP works.

]]> By: gerry http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/comment-page-1/#comment-93 gerry Tue, 28 Feb 2006 17:50:24 +0000 http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/#comment-93 Interesting... I take it you don't use SCP/SFTP often then? Surely transferring lots of files over SFTP with some clients will cause more than N connections and hence get ya blocked? Interesting…
I take it you don’t use SCP/SFTP often then?

Surely transferring lots of files over SFTP with some clients will cause more than N connections and hence get ya blocked?

]]> By: Bob http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/comment-page-1/#comment-90 Bob Sat, 25 Feb 2006 00:00:53 +0000 http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/#comment-90 Not sure where I found this, but I added these rules to my iptables configuration. It limits the number of access attempts to an ssh port. If an ip address connects more than 3 times they are locked out for 600 seconds. Mostly eliminated hacker attacks on my ssh port. # rate-limit ssh traffic iptables -I INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set iptables -I INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 600 --hitcount 4 -j DROP Not sure where I found this, but I added these rules to my iptables configuration. It limits the number of access attempts to an ssh port. If an ip address connects more than 3 times they are locked out for 600 seconds. Mostly eliminated hacker attacks on my ssh port.

# rate-limit ssh traffic

iptables -I INPUT -p tcp –dport 22 -i eth1 -m state –state NEW -m recent –set

iptables -I INPUT -p tcp –dport 22 -i eth1 -m state –state NEW -m recent –update –seconds 600 –hitcount 4 -j DROP

]]> By: Web Of Shite http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/comment-page-1/#comment-79 Web Of Shite Thu, 09 Feb 2006 02:10:14 +0000 http://blog.lobstertechnology.com/2006/02/08/brute-force-passwords-attacks-on-linux-over-ssh/#comment-79 <strong>SSHD Filter</strong> sshdfilter helps protect against bruteforce attacks. ... SSHD Filter

sshdfilter helps protect against bruteforce attacks.

]]>