Comments on: Using IPTables to Prevent SSH Brute Force Attacks http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html Java, ATG, Seam, and related Technologies Sat, 22 Nov 2008 18:17:21 +0000 http://wordpress.org/?v=2.6.1 By: Tim http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html#comment-10194 Tim Fri, 22 Aug 2008 08:44:16 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-10194 Thnx this helps me out a lot, I was looking for something like this already. @Andries Still some clients (like on iphone) don't support different ports then 22 Thnx this helps me out a lot, I was looking for something like this already.

@Andries
Still some clients (like on iphone) don’t support different ports then 22

]]> By: Devon http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html#comment-9724 Devon Sun, 10 Aug 2008 02:37:41 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-9724 @Andreis: Good question. A few answers: 1) a different port is a good idea for part of a security solution, but you should still have measures in place to prevent brute force attacks. Port scanning to identify ssh server ports isn't hard. You might duck a large number of automated scanners, but it won't do anything for a targeted attack. My solution will. So you should do the above anyhow:) 2) one of the main reasons I don't run on a different port myself is convenience. I ssh in from a large number of other servers, and scp files frequently. Having to specify a port every time I do any of that would be a pain. @Andreis: Good question.

A few answers:

1) a different port is a good idea for part of a security solution, but you should still have measures in place to prevent brute force attacks. Port scanning to identify ssh server ports isn’t hard. You might duck a large number of automated scanners, but it won’t do anything for a targeted attack. My solution will. So you should do the above anyhow:)

2) one of the main reasons I don’t run on a different port myself is convenience. I ssh in from a large number of other servers, and scp files frequently. Having to specify a port every time I do any of that would be a pain.

]]> By: Andries Louw Wolthuizen http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html#comment-9723 Andries Louw Wolthuizen Sun, 10 Aug 2008 02:26:02 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-9723 Why would you run SSH on port 22? Running sSH on a other port is a simple solution, that keeps most of the attempts out. Why would you run SSH on port 22? Running sSH on a other port is a simple solution, that keeps most of the attempts out.

]]> By: Branitar http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html#comment-8750 Branitar Fri, 25 Jul 2008 10:09:25 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-8750 Ahh I guess I figured it out. To make the rules above permanent I just have to save them to a file (as you did in the script in the other article) and edit the interfaces file to load my rules file. Thanks a lot! I'm very new to the iptables business and reading through the manual pages I dint really get how to do the 3 attempts thing. So your blog was kind of a live-safer :) Ahh I guess I figured it out. To make the rules above permanent I just have to save them to a file (as you did in the script in the other article) and edit the interfaces file to load my rules file.

Thanks a lot! I’m very new to the iptables business and reading through the manual pages I dint really get how to do the 3 attempts thing. So your blog was kind of a live-safer :)

]]> By: Devon http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html#comment-8731 Devon Fri, 25 Jul 2008 02:07:08 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-8731 I save my iptables rules and have them loaded at startup using the commands here: http://www.digitalsanctuary.com/tech-blog/debian/how-to-block-an-ip-in-linux.html As for the block, it's just for a few minutes (in case I lock myself out - which I've done before), but totally breaks any brute-force attempt, since they never stop trying, and hence stay blocked out until they've given up. Does that answer your question? I save my iptables rules and have them loaded at startup using the commands here:

http://www.digitalsanctuary.com/tech-blog/debian/how-to-block-an-ip-in-linux.html

As for the block, it’s just for a few minutes (in case I lock myself out - which I’ve done before), but totally breaks any brute-force attempt, since they never stop trying, and hence stay blocked out until they’ve given up.

Does that answer your question?

]]> By: Branitar http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html#comment-8712 Branitar Thu, 24 Jul 2008 20:28:00 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-8712 Is this an immediate measure or do you also have it in a script somewhere so it is started with your server? Is this an immediate measure or do you also have it in a script somewhere so it is started with your server?

]]>