Throttle ssh connections

This entry was posted on Tuesday, 7 April, 2009

Limit the number of connections a host can make to sshd (3 in 60 seconds); if the limit is exceeded, new connections from that host are dropped (for 60 seconds). This seems to stop those pesky dictionary attacks.

My iptables script is /etc/networks/iptables and is run from /etc/networks/interfaces under the eth0 section like so:

pre-up /etc/networks/iptables

iptables script snippet:

# Create SSH chain
/sbin/iptables -N SSH

# Rule 1: if this source address already has 3 hits recorded in the
# last 60 seconds, drop the new connection. --update also refreshes
# the entry's timestamp, so a host that keeps retrying stays blocked.
/sbin/iptables -A SSH -m state --state NEW -m recent --update \
    --seconds 60 --hitcount 3 -j DROP

# Rule 2: record this new connection for the source address
/sbin/iptables -A SSH -p tcp -m state --state NEW -m recent --set

# Rule 3: otherwise accept it
/sbin/iptables -A SSH -p tcp -j ACCEPT

# Jump ssh traffic to SSH chain
/sbin/iptables -A INPUT -p tcp --dport 22 -j SSH
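To make the behaviour of the chain concrete, here is an added example (not from the original post, and not part of iptables itself): a small Python model of how the recent match evaluates the three rules above, run over a constructed list of NEW connection attempts. It follows the xt_recent semantics as I understand them: --set records a timestamp for the source address, --update with --seconds/--hitcount matches when the address already has at least hitcount timestamps inside the window, and a match refreshes the entry with the current time. The addresses, times and the MAX_STAMPS default are assumptions chosen for the illustration.

```python
# Added example (not from the original post): a model of how the iptables
# "recent" match evaluates the SSH chain, over constructed attempts.

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 3          # --hitcount 3
MAX_STAMPS = 20       # assumed xt_recent ip_pkt_list_tot default (stamps kept per address)


class RecentList:
    """Per-address timestamp list, as kept by the recent module."""

    def __init__(self, max_stamps=MAX_STAMPS):
        self.stamps = {}  # address -> list of timestamps (oldest first)
        self.max_stamps = max_stamps

    def __contains__(self, addr):
        return addr in self.stamps

    def record(self, addr, now):
        """--set, or --update on a match: store the current time for addr.

        The kernel keeps a fixed-size ring buffer; dropping the oldest stamp
        when full gives the same count inside the window.
        """
        stamps = self.stamps.setdefault(addr, [])
        stamps.append(now)
        if len(stamps) > self.max_stamps:
            del stamps[0]

    def hits(self, addr, now, seconds):
        """Number of recorded timestamps for addr within the last `seconds`."""
        return sum(1 for s in self.stamps.get(addr, []) if now - s <= seconds)


def ssh_chain(recent, addr, now, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Walk the three rules of the SSH chain for one NEW TCP connection."""
    # Rule 1: -m recent --update --seconds 60 --hitcount 3 -j DROP
    if addr in recent and recent.hits(addr, now, seconds) >= hitcount:
        recent.record(addr, now)  # --update refreshes the entry even though we DROP
        return "DROP"
    # Rule 2: -m recent --set (add the address / record this attempt)
    recent.record(addr, now)
    # Rule 3: -j ACCEPT
    return "ACCEPT"


def simulate(attempts, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Return [(time, address, verdict)] for a list of (time, address) attempts."""
    recent = RecentList()
    return [(t, a, ssh_chain(recent, a, t, seconds, hitcount)) for t, a in attempts]


# Constructed input: a burst from one client (RFC 5737 documentation address),
# retries while it is blocked, and one unrelated client. Times are in seconds.
ATTEMPTS = [
    (0, "203.0.113.5"), (5, "203.0.113.5"), (10, "203.0.113.5"),
    (15, "203.0.113.5"),    # 4th attempt inside the window: dropped
    (40, "203.0.113.5"), (45, "203.0.113.5"), (50, "203.0.113.5"),
    (50, "198.51.100.9"),   # a different host is unaffected
    (76, "203.0.113.5"),    # first burst has aged out, but the three retries still count
    (111, "203.0.113.5"),   # retries at 40-50s aged out; only the 76s stamp remains: allowed
]

if __name__ == "__main__":
    for t, addr, verdict in simulate(ATTEMPTS):
        print(f"t={t:>3}s {addr:<14} {verdict}")
```

Two things the run makes visible. Because the --update check sits before --set in this chain, --hitcount 3 lets three new connections through and drops the fourth; with the more common ordering (--set first) the same hitcount would drop the third. And because --update refreshes the timestamp on every dropped attempt, a client that keeps hammering the port extends its own block: the model shows the host still dropped at 76 seconds even though its original burst is older than the window.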

Last-Modified: 2007-03-07 19:38:50

