Stopping ssh port scans

Finally decided to do something about the script kiddies who keep trying dictionary attacks against our ssh ports. There is a neat article at Debian Administration called Using iptables to rate-limit incoming connections. It gives a couple of iptables commands that do the trick.

Basically the idea is to block anyone who tries to access the ssh port more than a certain number of times in a given time period. You can do this with the iptables firewall software with the following commands:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

This will drop incoming connections from anyone who makes more than 2 connection attempts on port 22 within ten minutes. Note that both commands use -I, which inserts at the top of the chain, so the second command (the DROP rule) ends up being evaluated before the --set rule; that order is what makes the pair work.
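The same two rules, as an added example that is not from the original post or the Debian Administration article: they are placed in a dedicated chain so the evaluation order is explicit rather than depending on -I, a management network is exempted so an admin cannot lock themselves out, and matches are logged so the blocks show up in syslog. The interface, port, window, hit count and the 192.0.2.0/24 management range are assumed values; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: SSH rate-limit rules in a dedicated chain (assumed values below).
IFACE="${IFACE:-eth0}"
PORT="${PORT:-22}"
WINDOW="${WINDOW:-600}"      # seconds, as in the post
HITCOUNT="${HITCOUNT:-2}"    # as in the post: the third NEW connection inside WINDOW is dropped
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"   # constructed management range (RFC 5737 documentation net)

# Print the iptables commands in the order they must be applied.
# The --update/DROP rule must come before the --set rule: --update only matches a
# source that already has HITCOUNT stamps inside WINDOW, and because a match also
# refreshes the timestamp, a scanner that keeps hammering stays blocked.
ssh_ratelimit_rules() {
    cat <<EOF
iptables -N SSH_LIMIT 2>/dev/null || iptables -F SSH_LIMIT
iptables -A SSH_LIMIT -s $ADMIN_NET -j RETURN
iptables -A SSH_LIMIT -m recent --name SSH --rsource --rcheck --seconds $WINDOW --hitcount $HITCOUNT -m limit --limit 3/min -j LOG --log-prefix "SSH-RATELIMIT: "
iptables -A SSH_LIMIT -m recent --name SSH --rsource --update --seconds $WINDOW --hitcount $HITCOUNT -j DROP
iptables -A SSH_LIMIT -m recent --name SSH --rsource --set -j RETURN
iptables -I INPUT -p tcp --dport $PORT -i $IFACE -m state --state NEW -j SSH_LIMIT
EOF
}

# Show which sources the kernel is currently tracking for this rule set.
show_tracked() {
    if [ -r /proc/net/xt_recent/SSH ]; then
        cat /proc/net/xt_recent/SSH
    else
        echo "xt_recent list 'SSH' not present (rules not applied or module not loaded)"
    fi
}

if [ "${APPLY:-0}" = "1" ]; then
    ssh_ratelimit_rules | sh -e   # needs root
    show_tracked
else
    ssh_ratelimit_rules           # dry run: print what would be applied
fi
```

Check the result with `iptables -L SSH_LIMIT -v -n` and watch for `SSH-RATELIMIT:` lines in the kernel log; the tracked sources are listed in /proc/net/xt_recent/SSH.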

John built his first website in 1995. With a reputation for being The Internet Guru, he has become the Internet go-to guy for his clients and friends by helping them make sense of the online world, solving their problems and making the Internet easy. - John's Website

Posted in Web Hosting