LinuxQuestions.org


SlAiD 05-04-2005 03:21 AM

Brute Force Detection for iptables
 
Hi;

I need brute force detection for iptables, but it needs to block automatically (the IP for a day or something) after, for example, 10 login failures.

I also need a notification by e-mail.

Is it possible?

Capt_Caveman 05-04-2005 07:46 AM

Iptables probably is not the most effective way to deal with bruteforce attacks. You can try limiting the number of simultaneous connection attempts, but that is a rather crude way of dealing with it. Using PAM or tcp wrappers (hosts.allow/deny) would probably be better.

Also take a look here.

SlAiD 05-05-2005 01:58 PM

Hi;

I need to add the code to my iptables rules file, right?
How do I know what it is?
Then I do a simple 'paste' and use service firewall restart?

I'm a little n00b with Linux... sorry.

Capt_Caveman 05-05-2005 04:03 PM

Read the comments at the top of the code for instructions on running it. All you need to do for iptables is:
iptables -N BLACKLIST
iptables -I INPUT -p tcp --dport 22 -j BLACKLIST

The code will then parse the system logs for repeated failed logins and dynamically add offending IPs to the BLACKLIST chain.
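
Added example (not part of the thread, and not the script the reply links to): a minimal sketch of the log-parsing step described above, counting failed sshd logins per source address and emitting rules for the BLACKLIST chain. The log line format, the `-j DROP` target and the function names are assumptions; the threshold of 10 is the figure from the question, and the one-day expiry and e-mail notification are not covered.

```python
import re
from collections import Counter
from ipaddress import ip_address

# sshd failure line, anchored at the end of the line so the captured field is
# the address sshd itself appended, not text inside the username field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def offenders(lines, threshold=10, allow=()):
    """Return sorted source addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = str(ip_address(m.group(1)))  # discard anything that is not an IP
        except ValueError:
            continue
        if ip not in allow:                   # never block addresses you rely on
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def blacklist_rules(ips):
    """iptables commands that add each address to the BLACKLIST chain."""
    return [f"iptables -A BLACKLIST -s {ip} -j DROP" for ip in ips]

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = (
    [f"May  4 03:21:{i:02d} host sshd[1234]: Failed password for root "
     f"from 203.0.113.5 port {40000 + i} ssh2" for i in range(12)]
    + [f"May  4 03:22:{i:02d} host sshd[1240]: Failed password for invalid user "
       f"test from 198.51.100.7 port {41000 + i} ssh2" for i in range(3)]
    + ["May  4 03:23:00 host sshd[1250]: Accepted password for alice "
       "from 192.0.2.10 port 42000 ssh2",
       # Username field that itself contains address-like text.
       "May  4 03:23:05 host sshd[1251]: Failed password for invalid user "
       "x from 192.0.2.10 port 1 from 198.51.100.7 port 42001 ssh2"]
)

if __name__ == "__main__":
    for rule in blacklist_rules(offenders(SAMPLE)):
        print(rule)
```

Run it against the constructed sample first and review the printed rules before applying any of them, and pass your own management addresses in `allow` so a mistyped password cannot lock you out.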


All times are GMT -5.