LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-11-2009, 02:14 AM   #1
FireRaven
Member
 
Registered: Apr 2006
Location: Australia
Distribution: Debian Squeeze
Posts: 135

Rep: Reputation: 18
Block IP after failed login attempt using iptables?


Hi,
I keep getting hundreds of SSH failed logins per day.

Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?

I know this is possible I've seen it done, but I can't find anywhere how to do it...
 
Old 08-11-2009, 02:19 AM   #2
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,257

Rep: Reputation: 53
Quote:
Originally Posted by FireRaven View Post
Hi,
I keep getting hundreds of SSH failed logins per day.

Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?

I know this is possible I've seen it done, but I can't find anywhere how to do it...
Install apf and bfd:
http://rfxnetworks.com/

lsm is good too.
 
Old 08-11-2009, 04:50 AM   #3
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,012

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Please read the sticky in this forum.

[Edit]
Where this has already been discussed in detail.
Any "improvements" to the suggested solutions belong there.
[/Edit]

Last edited by tredegar; 08-11-2009 at 12:55 PM.
 
Old 08-11-2009, 04:52 AM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
chane the ssh port from 22 to 2222
 
Old 08-11-2009, 05:53 AM   #5
hemanshurpatel
Member
 
Registered: Jul 2009
Location: India
Distribution: fedora 12
Posts: 36

Rep: Reputation: 15
Install snort with IPS facilities

it will take care of all those IPs and block them if they try with wrong password for configurable no of times.
 
Old 08-11-2009, 11:55 AM   #6
curtisa
Member
 
Registered: Oct 2005
Location: Switzerland
Distribution: Ubuntu
Posts: 33

Rep: Reputation: 16
Try fail2ban as well. Works perfectly for this.
 
Old 08-11-2009, 12:33 PM   #7
eth1
Member
 
Registered: May 2008
Posts: 97

Rep: Reputation: 20
You can also check CSF +BFD which is quite commonly used in the servers we manage.

Lot of customizations can be made w.r.t Ingress and Outgress filtering, plus you can manually block/unblock an IP address using csf -d, csf -a etc.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
fsck.ext3: Attempt to read block from filesystem trouble dolphans1 Mandriva 12 10-07-2009 04:30 AM
Error reading block "x" (Attempt to read block from....... pvandyk2005 Slackware 6 07-06-2008 05:25 AM
What does it mean: Attempt to load non-existent block-major-### theillien Linux - Server 0 06-19-2007 12:23 PM
hosts.deny doesn't block an SSH attempt vmattila Linux - Security 4 11-14-2004 12:18 PM
every attempt has failed ed_norton Linux - Newbie 3 04-03-2004 04:59 PM


All times are GMT -5. The time now is 04:45 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration