Posts Tagged throttle

Throttle SSH Connections

Posted by on Friday, 22 May, 2009

I run this on my VPS to throttle SSH connections from dictionary attacks (or disable keyboard-based password authentication and allow only key-based logins. No key, no access!).

Configure your services properly rather than relying on a firewall to protect you from lazy configurations. This is all I use iptables for.

/etc/network/iptables.conf

#!/bin/bash
# iptables script.
#
# These lines are here in case rules are already in place and the script is ever rerun on the fly.
# We want to remove all rules and pre-existing user-defined chains and zero the counters
# before we implement new rules.
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/ip6tables -F
/sbin/ip6tables -X
/sbin/ip6tables -Z
# Drop all IPv6 connections.
/sbin/ip6tables -P INPUT DROP
# Create SSH chain.
/sbin/iptables -N SSH
# A source that already has 3 or more hits in the last 600 seconds is dropped;
# --update also refreshes its entry, so the block lasts while it keeps retrying.
/sbin/iptables -A SSH -m state --state NEW -m recent --update --seconds 600 --hitcount 3 -j DROP
# Otherwise record this new connection for the source and let it through.
/sbin/iptables -A SSH -p tcp -m state --state NEW -m recent --set
/sbin/iptables -A SSH -p tcp -j ACCEPT
# Jump ssh traffic to SSH chain.
/sbin/iptables -A INPUT -p tcp --dport 22 -j SSH

Throttle ssh connections

Posted by on Tuesday, 7 April, 2009

Limit the number of connections a host can make to sshd (3 in 60 seconds). If the limit is exceeded, new connections are dropped (for 60 seconds). This seems to stop those pesky dictionary attacks.

My iptables script is /etc/networks/iptables and is run from /etc/networks/interfaces under the eth0 section like so:

pre-up /etc/networks/iptables

iptables script snippet:

# Create SSH chain
/sbin/iptables -N SSH
/sbin/iptables -A SSH -m state --state NEW -m recent --update \
    --seconds 60 --hitcount 3 -j DROP
/sbin/iptables -A SSH -p tcp -m state --state NEW -m recent --set
/sbin/iptables -A SSH -p tcp -j ACCEPT

# Jump ssh traffic to SSH chain
/sbin/iptables -A INPUT -p tcp --dport 22 -j SSH
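Both posts rely on the same three-rule SSH chain, and the interesting part is how the `recent` match counts hits: `--update --seconds S --hitcount N` matches once a source has N hits inside the window, and on a match it also records the current packet, so a host that keeps retrying stays blocked until it has been quiet for the whole window. The following is an added example, not code from either post: a small Python model of the `--set` / `--update` behaviour of the xt_recent module as described in its documentation, run over a constructed sequence of connection attempts (the addresses are from documentation ranges and the timings are made up). It defaults to the second post's 60 seconds / 3 hits; the first post's 600-second window can be passed in. The per-address cap of 20 stored timestamps mirrors the module's default `ip_pkt_list_tot`.

```python
# Added example: model of the iptables 'recent' match as used by the SSH chain
# above (-m recent --set / --update --seconds S --hitcount N), so the
# accept/drop pattern can be traced on constructed input. Not the blog's code;
# iptables itself is not involved.
from collections import defaultdict

# xt_recent keeps at most ip_pkt_list_tot timestamps per address (module default 20).
IP_PKT_LIST_TOT = 20


class RecentTable:
    """Per-address list of hit timestamps, as the xt_recent module keeps them."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, addr, now):
        """-m recent --set: record 'now' as a hit for addr (creating the entry)."""
        lst = self.stamps[addr]
        lst.append(now)
        del lst[:-IP_PKT_LIST_TOT]  # keep only the newest entries

    def update(self, addr, now, seconds, hitcount):
        """-m recent --update --seconds S --hitcount N.

        Matches only if addr is already listed and at least N of its hits fall
        within the last S seconds. On a match the module also records 'now' as
        a new hit, which is why a blocked host stays blocked while it retries.
        """
        if addr not in self.stamps:
            return False
        lst = self.stamps[addr]
        hits = sum(1 for t in lst if t >= now - seconds)
        if hits >= hitcount:
            lst.append(now)
            del lst[:-IP_PKT_LIST_TOT]
            return True
        return False


def ssh_chain(table, addr, now, seconds=60, hitcount=3):
    """Verdict of the SSH chain for one NEW TCP connection to port 22.

    Rule 1: -m state --state NEW -m recent --update --seconds S --hitcount N -j DROP
    Rule 2: -p tcp -m state --state NEW -m recent --set
    Rule 3: -p tcp -j ACCEPT
    """
    if table.update(addr, now, seconds, hitcount):
        return "DROP"
    table.set(addr, now)
    return "ACCEPT"


def simulate(attempts, seconds=60, hitcount=3):
    """Run (time_in_seconds, source_addr) NEW connections through the chain in order."""
    table = RecentTable()
    return [(t, addr, ssh_chain(table, addr, t, seconds, hitcount)) for t, addr in attempts]


# Constructed sample: one host hammering sshd, one unrelated host in between.
SAMPLE_ATTEMPTS = [
    (0, "198.51.100.7"),
    (10, "198.51.100.7"),
    (20, "198.51.100.7"),
    (25, "203.0.113.9"),    # different source, counted separately
    (30, "198.51.100.7"),   # 4th attempt inside 60 s
    (70, "198.51.100.7"),   # hits at 10, 20, 30 are still inside the window
    (140, "198.51.100.7"),  # quiet for more than 60 s after the last attempt
]

if __name__ == "__main__":
    for t, addr, verdict in simulate(SAMPLE_ATTEMPTS):
        print(f"t={t:4d}s {addr:14s} {verdict}")
```

Running it shows the first three attempts accepted, the fourth and the retry at 70 s dropped (the retry itself refreshes the entry), and the attempt at 140 s accepted again because no hit remains inside the window. Evenly spaced attempts more than a window apart are never dropped, which is the behaviour an ordinary user sees.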

Last-Modified: 2007-03-07 19:38:50