[unisog] Password policies

Josh Fiske jfiske at clarkson.edu
Tue Apr 25 12:51:42 GMT 2006


unisog-bounces at lists.sans.org wrote on 04/24/2006 07:11:20 PM:


> May not help with rdp, but one of our Linux folks found an iptables(?
> one of the built-in firewall packages anyway) rule set that detects multiple
> ssh probes and blocks the connection for 5 minutes or so after a few tries.

I've been using iptables to do this for a while.  A quick Google search
will turn up some great pages on the topic, but my simple ruleset looks
something like this:

...
# Every NEW connection to port 22 is sent through the SSH_CHECK chain
-N SSH_CHECK
-A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
# Record the source address (and a timestamp) in the "SSH" recent list
-A SSH_CHECK -m recent --set --name SSH
# 4 or more new connections from one source within 60 s: log it
# (LOG is non-terminating, so the packet continues down the chain)
-A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j LOG --log-prefix "New info: " --log-level info
# 8 or more within 60 s: drop it
-A SSH_CHECK -m recent --update --seconds 60 --hitcount 8 --name SSH -j DROP
# Anything that came back out of SSH_CHECK is accepted
-A INPUT -s 0.0.0.0/0.0.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
...
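To make the two thresholds concrete, here is an added Python model of what the SSH_CHECK chain above does per source address; it is not code from the post, the addresses and timestamps are constructed sample data, and the 20-entry list size is the assumed xt_recent default.

```python
"""Model of the netfilter 'recent' match as used by the SSH_CHECK chain.

Each NEW SSH connection is first recorded (--set), then checked against the
4-hit (LOG) and 8-hit (DROP) thresholds within a 60-second window.
"""
from collections import defaultdict, deque

WINDOW = 60      # --seconds 60
LOG_HITS = 4     # --hitcount 4 -> LOG (packet continues to the ACCEPT rule)
DROP_HITS = 8    # --hitcount 8 -> DROP
LIST_TOT = 20    # assumed default: timestamps remembered per address


class RecentList:
    """Per-source timestamp list, like /proc/net/xt_recent/SSH."""

    def __init__(self):
        self.hits = defaultdict(lambda: deque(maxlen=LIST_TOT))

    def set(self, src, now):
        # --set always matches and records a new hit for the source
        self.hits[src].append(now)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N matches only when at least N
        # recorded hits for this source fall inside the last S seconds
        recent = [t for t in self.hits[src] if now - t <= seconds]
        return len(recent) >= hitcount


def ssh_check(events):
    """Run (timestamp, src) NEW-connection events through the chain in
    order and return the verdict each one reaches."""
    recent = RecentList()
    verdicts = []
    for now, src in events:
        recent.set(src, now)
        logged = recent.update(src, now, WINDOW, LOG_HITS)  # LOG, continue
        if recent.update(src, now, WINDOW, DROP_HITS):
            verdicts.append("LOG+DROP")
        else:
            verdicts.append("LOG+ACCEPT" if logged else "ACCEPT")
    return verdicts


# Constructed sample: one source opens 10 connections in 45 s, then one
# more after the window has expired; a second source connects once.
SAMPLE_EVENTS = ([(0, "10.0.0.5"), (3, "10.0.0.9")]
                 + [(t, "10.0.0.5") for t in range(5, 50, 5)]
                 + [(200, "10.0.0.5")])

if __name__ == "__main__":
    for ev, v in zip(SAMPLE_EVENTS, ssh_check(SAMPLE_EVENTS)):
        print(ev, v)
```

Hits 1 to 3 from the busy source pass silently, hits 4 to 7 are logged, hits 8 to 10 are dropped, and once 60 s have passed with no hits the same source is accepted again, which is the "blocks for a while" behaviour the quoted message describes.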