lpittman
Guest
Hey Everyone,
I've been monitoring my secure log for a couple days now (just to see what's going on) and notice an absolutely huge amount of SSH failed passwords. I assume this is simply some idiots doing the usual scanning to find access to any servers ... but it sure is annoying!
Here is the number of scans:
Code:
cat ./secure | grep 'Failed password' | grep sshd | awk '{print $1,$2}' | sort | uniq -c
12055 Mar 25
7450 Mar 26
1975 Mar 27
4280 Mar 28
40703 Mar 29
7231 Mar 30
33468 Mar 31
So, I tried the following iptables commands to try and limit this, but it doesn't seem to be working.
Code:
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "SSH SCAN "
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
Can anyone offer any advice here?
Thanks
Luke
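
A per-source breakdown of the same log lines, as an added example that is not part of the original post: it counts failures per source address next to the number of distinct source ports, which approximates separate TCP connections (what a `recent` rule matching NEW packets counts). The function names and the sample log lines are constructed for illustration.

```shell
# Added example: per-source summary of sshd "Failed password" lines.
# Output columns: failures, distinct source ports, source address.
ssh_fail_summary() {
    # Reads the files named as arguments, or stdin when none are given.
    awk '
        /sshd\[[0-9]+\]: Failed password/ {
            ip = ""; port = ""
            # Keep the LAST "from"/"port" pair: the user name earlier in the
            # line is attacker-chosen and may itself contain those words.
            for (i = 1; i < NF; i++) {
                if ($i == "from") ip = $(i + 1)
                if ($i == "port") port = $(i + 1)
            }
            if (ip == "") next
            fails[ip]++
            if (port != "" && !((ip, port) in seen)) {
                seen[ip, port] = 1
                conns[ip]++
            }
        }
        END {
            for (ip in fails)
                printf "%d %d %s\n", fails[ip], conns[ip], ip
        }
    ' "$@" | sort -k1,1nr -k3,3
}

# Constructed sample log (documentation addresses, not real data).
sample_log() {
    cat <<'EOF'
Mar 29 03:12:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 29 03:12:03 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 29 03:12:05 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 29 03:12:09 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 29 03:12:11 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 29 03:12:13 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 29 03:15:40 host sshd[2110]: Failed password for invalid user from from 198.51.100.7 port 50001 ssh2
Mar 29 03:16:02 host sshd[2111]: Failed password for test from 198.51.100.7 port 50002 ssh2
Mar 29 03:20:00 host sshd[2120]: Accepted password for alice from 203.0.113.5 port 60001 ssh2
EOF
}

# Demo on the constructed sample; on a real host pass the log path instead.
sample_log | ssh_fail_summary
```

A source whose failure count is several times its port count is making multiple password attempts per connection.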