SSH scanning
Posted Feb 15, 2007 16:19 UTC (Thu) by nowster (subscriber, #67)
In reply to: SSH scanning by ahoogerhuis
Parent article: Linux botnets
Order is important in these iptables commands. The commands in the parent appear to match on any traffic. Use instead:
# Accept trusted hosts
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport ssh -j ACCEPT
# For outsiders, rate-limit and enjoy
iptables -A INPUT -p tcp -m tcp --dport ssh \
-m state --state NEW \
-m recent --hitcount 3 --seconds 180 --update -j DROP
iptables -A INPUT -p tcp -m tcp --dport ssh \
-m state --state NEW \
-m recent --set -j ACCEPT
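
The rule ordering in the comment above, modelled as an added example that is not part of nowster's comment: a simplified Python simulation of how the three rules treat new SSH connection attempts, and what changes if the --set rule is placed before the --update rule. It assumes the documented behaviour of the recent match (--update refreshes an entry only when the rule matches); the function names, the 203.0.113.9 source address and the timings are constructed for illustration.

```python
import ipaddress

TRUSTED = ipaddress.ip_network("192.168.0.0/24")  # from the comment's first rule
WINDOW, HITCOUNT = 180, 3                         # --seconds 180 --hitcount 3

def trusted_accept(src, now, seen):
    """Rule 1: -s 192.168.0.0/24 ... -j ACCEPT"""
    return "ACCEPT" if ipaddress.ip_address(src) in TRUSTED else None

def recent_update_drop(src, now, seen):
    """Rule 2: -m recent --update --seconds 180 --hitcount 3 -j DROP"""
    stamps = seen.get(src, [])
    hits = sum(1 for t in stamps if t >= now - WINDOW)
    if hits >= HITCOUNT:
        stamps.append(now)  # assumption: --update adds a timestamp only on a match
        return "DROP"
    return None

def recent_set_accept(src, now, seen):
    """Rule 3: -m recent --set -j ACCEPT (always matches, records the source)"""
    seen.setdefault(src, []).append(now)
    return "ACCEPT"

def run_chain(rules, attempts):
    """Evaluate each (time, src) NEW ssh connection in rule order; first verdict wins."""
    seen, verdicts = {}, []
    for now, src in attempts:
        for rule in rules:
            verdict = rule(src, now, seen)
            if verdict:
                verdicts.append(verdict)
                break
    return verdicts

COMMENT_ORDER = [trusted_accept, recent_update_drop, recent_set_accept]
SET_FIRST = [trusted_accept, recent_set_accept, recent_update_drop]  # wrong order

# Constructed traffic: an outside source retrying every 10 s and returning after
# a long pause, and a trusted LAN host making the same burst.
SCANNER = [(t, "203.0.113.9") for t in (0, 10, 20, 30, 40, 400)]
LAN = [(t, "192.168.0.5") for t in (0, 10, 20, 30, 40)]

if __name__ == "__main__":
    print(run_chain(COMMENT_ORDER, SCANNER))  # three accepted, then dropped, then accepted again
    print(run_chain(SET_FIRST, SCANNER))      # DROP rule is never reached
    print(run_chain(COMMENT_ORDER, LAN))      # trusted hosts bypass the rate limit
```

With the --set rule first, every attempt is accepted before the rate-limit rule is evaluated, which is why the DROP rule has to precede it.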