[unisog] Password policies

Josh Fiske jfiske at clarkson.edu
Tue Apr 25 12:51:42 GMT 2006

unisog-bounces at lists.sans.org wrote on 04/24/2006 07:11:20 PM:

> May not help with rdp, but one of our Linux folks found an iptables (?
> one of the built-in firewall packages anyway) rule set that detects
> ssh probes and blocks the connection for 5 minutes or so after a few

I've been using iptables to do this for a while.  A quick Google search 
will turn up some great pages on the topic, but my simple ruleset looks 
something like this:

-A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
-A SSH_CHECK -m recent --set --name SSH
-A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j LOG --log-prefix "New info: " --log-level info
-A SSH_CHECK -m recent --update --seconds 60 --hitcount 8 --name SSH -j 
-A INPUT -s -p tcp -m tcp --dport 22 -j ACCEPT
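
An added example, not part of the original post: a small Python model of how the `recent` match in the SSH_CHECK chain above counts hits, replayed over constructed connection times. It assumes the match behaves as in the kernel's xt_recent module (`--set` always records a timestamp, `--update` records another one only when it matches) with the default history of 20 timestamps per source; the addresses and the names `RecentList`, `ssh_check` and `replay` are hypothetical.

```python
from collections import deque

WINDOW = 60       # --seconds 60 on both --update rules
LOG_HITS = 4      # --hitcount 4: the LOG rule
LIMIT_HITS = 8    # --hitcount 8: the rule whose target is cut off in the post
MAX_STAMPS = 20   # assumption: the recent module's default ip_pkt_list_tot

class RecentList:
    """Per-source timestamp history, modelled on the iptables 'recent' match."""
    def __init__(self):
        self.stamps = {}

    def set(self, src, now):
        # --set: always matches and records a timestamp for the source.
        self.stamps.setdefault(src, deque(maxlen=MAX_STAMPS)).append(now)

    def update(self, src, now, seconds, hitcount):
        # --update: match if at least `hitcount` stamps fall inside the window,
        # and record one more timestamp only when the rule matched.
        hist = self.stamps.get(src)
        if hist is None:
            return False
        hits = sum(1 for t in hist if now - t <= seconds)
        if hits >= hitcount:
            hist.append(now)
            return True
        return False

def ssh_check(recent, src, now):
    """Run one NEW port-22 connection through SSH_CHECK; list the rules hit."""
    matched = []
    recent.set(src, now)
    if recent.update(src, now, WINDOW, LOG_HITS):
        matched.append("log")      # LOG does not end chain traversal
    if recent.update(src, now, WINDOW, LIMIT_HITS):
        matched.append("limit")
    return matched

def replay(events):
    """Replay (time_in_seconds, source) pairs against a fresh list."""
    recent = RecentList()
    return [(t, src, ssh_check(recent, src, t)) for t, src in events]

# Constructed sample traffic (documentation addresses, not from the post).
PROBE = [(i * 2, "192.0.2.10") for i in range(7)]     # burst: one every 2 s
SLOW = [(i * 30, "198.51.100.7") for i in range(6)]   # one every 30 s

if __name__ == "__main__":
    for row in replay(PROBE) + replay(SLOW):
        print(row)
```

Because the matching LOG rule's `--update` adds its own timestamp, the 8-hit rule in this model first matches on the sixth connection of a burst rather than the eighth. Each further attempt inside the window extends it, so a source only clears after staying quiet for more than 60 seconds.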