[geeks] SSH Scans Increasing
Patrick Giagnocavo
patrick at zill.net
Thu Aug 21 08:34:01 CDT 2008
Jonathan C. Patschke wrote:
> Has anyone else seen a very sharp increase in the number of SSH scans
> since this weekend?
This won't stop it, but I found that reducing the time allowed for login to 5 seconds before being disconnected, and only allowing 1 attempt at the proper password, seemed to result in fewer scans.
Would be great to have support in PF for the iptables connection limit
feature, where you can do something like:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
or whatever. Of course, PF syntax is so much nicer and more readable
than iptables.
--Patrick
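Added example, not part of Patrick's post: the same "4 new connections in 60 seconds" threshold that the iptables recent-module rules above enforce, expressed as a sliding-window check over sshd failed-password log lines. The log lines are constructed for the example and assume the standard OpenSSH "Failed password for ... from <ip> port <n>" format; running this over a real auth.log shows which sources such a rule would have dropped (a fast scanner) and which it would let through (a slow one).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (not from the original post).
# 192.0.2.10 hammers the host; 198.51.100.7 retries slowly.
SAMPLE_LOG = """\
Aug 21 08:30:01 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Aug 21 08:30:05 host sshd[1002]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Aug 21 08:30:09 host sshd[1003]: Failed password for root from 192.0.2.10 port 40003 ssh2
Aug 21 08:30:12 host sshd[1004]: Failed password for invalid user oracle from 192.0.2.10 port 40004 ssh2
Aug 21 08:31:40 host sshd[1005]: Failed password for patrick from 198.51.100.7 port 50001 ssh2
Aug 21 08:33:00 host sshd[1006]: Failed password for patrick from 198.51.100.7 port 50002 ssh2
Aug 21 08:34:30 host sshd[1007]: Failed password for patrick from 198.51.100.7 port 50003 ssh2
Aug 21 08:36:00 host sshd[1008]: Failed password for patrick from 198.51.100.7 port 50004 ssh2
"""

# Matches the OpenSSH failed-password line; syslog timestamps carry no year.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>[\d.]+) port \d+"
)


def parse_failures(text, year=2008):
    """Yield (timestamp, source_ip) for each sshd failed-password line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"]


def find_scanners(text, hitcount=4, seconds=60):
    """Return the set of source IPs that reached `hitcount` failures inside
    any sliding window of `seconds`, i.e. the sources the iptables
    '--seconds 60 --hitcount 4' rule would start dropping."""
    windows = defaultdict(deque)   # src -> timestamps still inside the window
    flagged = set()
    for ts, src in parse_failures(text):
        q = windows[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > seconds:   # expire old hits
            q.popleft()
        if len(q) >= hitcount:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    print(sorted(find_scanners(SAMPLE_LOG)))   # ['192.0.2.10']
```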