Comments on: Using IPTables to Prevent SSH Brute Force Attacks http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html Java, ATG, Seam, and related Technologies Wed, 01 Feb 2012 11:00:41 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: ZenData http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-153586 ZenData Thu, 29 Sep 2011 20:18:30 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-153586 Thanks ... saved alot of time .... Thanks … saved alot of time ….

]]> By: Mark http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-145395 Mark Fri, 26 Aug 2011 16:47:06 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-145395 Thanks for this. I didn't even realize I had a problem until my /var volume filled up due to a tremendously large /var/log/btmp file. Combining this with blocking a few frequent ip addresses, and the problem seems to be under control. Thanks for this. I didn’t even realize I had a problem until my /var volume filled up due to a tremendously large /var/log/btmp file. Combining this with blocking a few frequent ip addresses, and the problem seems to be under control.

]]> By: A secure, standard iptables rule-set for a basic HTTP(s) webserver http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-77986 A secure, standard iptables rule-set for a basic HTTP(s) webserver Mon, 22 Nov 2010 03:36:57 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-77986 [...] Also, rather than using Denyhosts or fail2ban you could use iptables itself to block bad repeated attempts at SSH. [...] [...] Also, rather than using Denyhosts or fail2ban you could use iptables itself to block bad repeated attempts at SSH. [...]

]]> By: A secure, standard iptables rule-set for a basic HTTP(s) webserver | DeveloperQuestion.com http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-70997 A secure, standard iptables rule-set for a basic HTTP(s) webserver | DeveloperQuestion.com Mon, 04 Oct 2010 18:51:25 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-70997 [...] Also, rather than using Denyhosts or fail2ban you could use iptables itself to block bad repeated attempts at SSH. [...] [...] Also, rather than using Denyhosts or fail2ban you could use iptables itself to block bad repeated attempts at SSH. [...]

]]> By: Devon http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-68825 Devon Thu, 16 Sep 2010 15:13:38 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-68825 Kevin, looks good! Being a better net citizen is always good. Kevin,

looks good! Being a better net citizen is always good.

]]> By: Kevin http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-68619 Kevin Wed, 15 Sep 2010 02:41:22 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-68619 What do you think about using a ruby script like this: http://github.com/nazar/report-hack-isp in tandem with your iptables solution? I see iptables as protecting your server (or mine) and the script being proactive about protecting the web a little more by alerting the ISP in charge. Thoughts? What do you think about using a ruby script like this:

http://github.com/nazar/report-hack-isp

in tandem with your iptables solution? I see iptables as protecting your server (or mine) and the script being proactive about protecting the web a little more by alerting the ISP in charge. Thoughts?

]]> By: JD http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-62002 JD Thu, 01 Jul 2010 21:09:24 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-62002 Thanks, great article! How would you go about adding these blocks to a separate log file, say /var/log/iptables.log? Thanks, great article!
How would you go about adding these blocks to a separate log file, say /var/log/iptables.log?

]]> By: amdrew http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-56794 amdrew Mon, 03 May 2010 18:18:56 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-56794 yea a simple solution, thanks for this great post :) yea a simple solution, thanks for this great post :)

]]> By: Devon http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-48349 Devon Mon, 09 Nov 2009 18:16:57 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-48349 Good to know. It looks like the deamon mode is new-ish. However it defeats the non-root aspect you mention: <blockquote> If you are running DenyHosts in daemon mode then yes you must run DenyHosts as root. </blockquote> Good to know. It looks like the deamon mode is new-ish. However it defeats the non-root aspect you mention:

If you are running DenyHosts in daemon mode then yes you must run DenyHosts as root.

]]> By: tx http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html/comment-page-1#comment-48348 tx Mon, 09 Nov 2009 18:13:19 +0000 http://www.digitalsanctuary.com/tech-blog/?p=119#comment-48348 Denyhosts can be run in daemon mode which will actively monitor ssh logins and update hosts.deny immediately. Further it is possible to run the daemon as a non-root user (see http://denyhosts.sourceforge.net/faq.html#3_1). And lastly it is possible to tell denyhosts to block only a specified service instead of all services. Personally, I would rather block all communication from a compromised host. Denyhosts can be run in daemon mode which will actively monitor ssh logins and update hosts.deny immediately. Further it is possible to run the daemon as a non-root user (see http://denyhosts.sourceforge.net/faq.html#3_1). And lastly it is possible to tell denyhosts to block only a specified service instead of all services. Personally, I would rather block all communication from a compromised host.

]]>