Monday, April 11, 2011

Better SSH Brute force prevention with iptables

There are countless of 'Howto prevent SSH Brute force attacks with iptables' scattered around the Net. What, in my opinion, is missing from those howtos is a 'holistic' approach to the problem. Only adding a 'recent' rule to iptables is just a part of the solution.

IPTables rule set

Let's take for example the ubiquitous:
# iptables -N IN_SSH
# iptables -A IN_SSH -m recent --name sshbf --rcheck \
              --hitcounts 3 --seconds 10 -j DROP
# iptables -A IN_SSH -m recent --name sshbf --set -j ACCEPT

# iptables -A INPUT -p tcp --dport ssh -m conntrack \
              --ctstate NEW -j IN_SSH

Saturday, April 2, 2011

Latest iptables, xtables, ipset for Ubuntu

By using Ubuntu 10.04 I am stuck with old versions of iptables, xtables and ipset (the latter is very old!) Is there a solution? Yes of course, I could compile those applications myself, but I prefer to have .deb packages managed by the good old dpkg. 


With the method descibed in this post we can get the latest version of iptables (currently 1.4.10), but what about xtables or ipset?