AMP Admin wrote:
Does anyone use iptables or something to defend against attacks? Like
if x amount of requests per x amount of time send away. If so I would
love some examples. Thanks!
Probably based on Glenn English's work (in another email) I found this
during a brute force search with Google. It blocks the ssh
script-kiddies really well.
You may be able to modify for your purposes.
I have used denyhosts and fail2ban but found this did the most good with
the least effort. I'm thinking of modifying it to use TARPIT instead of
DROP to make the script-kiddies pay more for even trying.

-N SSH_WHITELIST
# Pretend this is my workstation's IP. You can add similar lines for
# more IPs
-A SSH_WHITELIST -s 10.10.3.21 -m recent --remove --name SSH -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A RH-Firewall-1-INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
-A RH-Firewall-1-INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
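
Added example, not part of the original message: a simplified Python model of how the three `recent` rules above treat successive NEW connections to port 22. It ignores --rttl and the module's per-address timestamp cap, assumes a later rule accepts port 22, and the traffic (including the 203.0.113.7 address) is constructed.

```python
from collections import defaultdict

WHITELIST = {"10.10.3.21"}   # address from the SSH_WHITELIST rule
SECONDS, HITCOUNT = 60, 4    # values from the --update rule

class RecentList:
    """Simplified model of one xt_recent list (here the list named SSH)."""

    def __init__(self):
        self.stamps = defaultdict(list)  # source IP -> packet timestamps

    def set(self, src, now):
        # --set: record the packet; the rule has no target, so fall through
        self.stamps[src].append(now)

    def remove(self, src):
        # --remove: forget the address entirely
        self.stamps.pop(src, None)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds N --hitcount M: match when at least M stamps
        # fall inside the last N seconds; a match records one more stamp
        recent = [t for t in self.stamps.get(src, []) if now - t <= seconds]
        if len(recent) >= hitcount:
            self.stamps[src].append(now)
            return True
        return False

def filter_new_ssh(lst, src, now):
    """Walk one NEW tcp/22 packet through the three rules, in order."""
    lst.set(src, now)                            # rule 1: --set
    if src in WHITELIST:                         # rule 2: SSH_WHITELIST chain
        lst.remove(src)
        return "ACCEPT"
    if lst.update(src, now, SECONDS, HITCOUNT):  # rule 3: --update ... DROP
        return "DROP"
    return "CONTINUE"   # falls to later rules (assumed to accept port 22)

def replay(events):
    lst = RecentList()
    return [filter_new_ssh(lst, src, t) for t, src in events]

# Constructed traffic: (seconds since start, source IP)
SCANNER = [(t, "203.0.113.7") for t in (0, 5, 10, 15, 20, 70, 75, 200)]
ADMIN = [(t, "10.10.3.21") for t in range(0, 10)]

if __name__ == "__main__":
    for (t, src), verdict in zip(SCANNER, replay(SCANNER)):
        print(f"t={t:>3}s {src} -> {verdict}")
```

In this model the scanner's attempt at t=70 is still dropped after a 50-second pause, because enough of its earlier timestamps remain inside the 60-second window; only the attempt at t=200 gets through to the later rules.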