*Drive* - padonki rule here
https://drivesource.ru/

Protecting SSH from scanning and password guessing (brute force)
https://drivesource.ru/viewtopic.php?f=15&t=932

Author:  Padonak [ 29 Jul 2009, 15:06 ]
Post subject:  Protecting SSH from scanning and password guessing (brute force)

## SSH protection
/sbin/iptables -t filter -A INPUT -p tcp --destination-port 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
/sbin/iptables -t filter -A INPUT -p tcp --destination-port 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_BRUTFORCE: "
/sbin/iptables -t filter -A INPUT -p tcp --destination-port 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

Author:  The ustas [ 01 Aug 2009, 22:33 ]
Post subject: 

Have you tested it?)

Author:  Padonak [ 02 Aug 2009, 01:33 ]
Post subject:  You bet!

It works very effectively! In this example ONLY 4 connections per minute are allowed. You can also set it to 2. (That is how I configured it for myself.)

Code:
Aug  1 11:53:54 QWERTY1 kernel: [308779.689566] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=60484 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:53:54 QWERTY1 kernel: [308779.690696] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=5989 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug  1 11:53:55 QWERTY1 kernel: [308780.120273] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=25983 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:53:55 QWERTY1 kernel: [308780.999855] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=14452 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:53:57 QWERTY1 kernel: [308782.763321] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=63858 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:53:58 QWERTY1 kernel: [308783.888653] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=49223 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug  1 11:54:01 QWERTY1 kernel: [308786.277046] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=47965 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:54:04 QWERTY1 kernel: [308789.508048] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=43482 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug  1 11:54:04 QWERTY1 kernel: [308789.883923] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=9196 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug  1 11:54:05 QWERTY1 kernel: [308790.472165] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=64472 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug  1 11:54:08 QWERTY1 kernel: [308793.313691] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=14804 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:54:11 QWERTY1 kernel: [308796.258926] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=36323 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug  1 11:54:17 QWERTY1 kernel: [308802.078006] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=34898 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug  1 11:54:18 QWERTY1 kernel: [308803.973354] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=19320 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug  1 11:54:22 QWERTY1 kernel: [308807.425502] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=20862 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:54:34 QWERTY1 kernel: [308819.407927] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=55314 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug  1 11:54:41 QWERTY1 kernel: [308826.065152] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=30842 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug  1 11:54:50 QWERTY1 kernel: [308835.531778] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=26254 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 11:55:05 QWERTY1 kernel: [308850.262060] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=11215 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug  1 11:55:29 QWERTY1 kernel: [308874.240426] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=22266 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug  1 11:56:07 QWERTY1 kernel: [308911.980828] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=5367 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug  1 21:28:04 QWERTY1 kernel: [343212.026577] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=37259 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug  1 21:28:04 QWERTY1 kernel: [343212.026611] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=25960 DF PROTO=TCP SPT=40249 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug  1 21:28:04 QWERTY1 kernel: [343212.232244] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug  1 21:28:05 QWERTY1 kernel: [343212.651577] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug  1 21:28:06 QWERTY1 kernel: [343213.491081] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug  1 21:28:07 QWERTY1 kernel: [343214.959903] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=25195 DF PROTO=TCP SPT=41648 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug  1 21:28:07 QWERTY1 kernel: [343215.171509] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug  1 21:28:08 QWERTY1 kernel: [343215.621635] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=25961 DF PROTO=TCP SPT=40249 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug  1 21:28:11 QWERTY1 kernel: [343218.337728] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=9145 DF PROTO=TCP SPT=43630 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug  1 21:28:11 QWERTY1 kernel: [343218.529764] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0

Author:  The ustas [ 02 Aug 2009, 06:20 ]
Post subject: 

Which log do I look at for this?)

Author:  Padonak [ 02 Aug 2009, 12:11 ]
Post subject: 

Quote:
The ustas wrote: Which log do I look at for this?)


Code:
less /var/log/kernel
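
Added example, not part of the thread: a filter that condenses the lines written by the `SSH_BRUTFORCE: ` LOG rule into one row per source address, so a long log is readable at a glance. The function names, the sample log lines and the documentation-range addresses in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise kernel log lines carrying the SSH_BRUTFORCE prefix.
# Reads a log on stdin, prints one row per source address in order of first
# appearance: packets logged, distinct source ports, first and last timestamp.
summarize_ssh_bruteforce() {
    awk '
    /SSH_BRUTFORCE: / {
        src = ""; spt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^SPT=/) spt = substr($i, 5)
        }
        if (src == "") next              # malformed or truncated line, skip it
        ts = $1 " " $2 " " $3            # syslog timestamp, e.g. Aug 1 11:53:54
        if (!(src in pkts)) { first[src] = ts; order[++n] = src }
        pkts[src]++
        last[src] = ts
        # each distinct source port is a separate TCP connection attempt
        if (spt != "" && !((src, spt) in seen)) { seen[src, spt] = 1; ports[src]++ }
    }
    END {
        for (k = 1; k <= n; k++) {
            s = order[k]
            printf "%s packets=%d src_ports=%d first=\"%s\" last=\"%s\"\n", s, pkts[s], ports[s], first[s], last[s]
        }
    }'
}

# Constructed sample input (not taken from the thread); the last line lacks
# the prefix and must be ignored.
sample_log() {
    cat <<'EOF'
Aug  1 11:53:54 host kernel: [100.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=52 TTL=46 PROTO=TCP SPT=46690 DPT=22 WINDOW=71 ACK URGP=0
Aug  1 11:53:55 host kernel: [101.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=52 TTL=46 PROTO=TCP SPT=46712 DPT=22 WINDOW=46 ACK URGP=0
Aug  1 11:54:04 host kernel: [110.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=52 TTL=46 PROTO=TCP SPT=46712 DPT=22 WINDOW=46 ACK FIN URGP=0
Aug  1 21:28:04 host kernel: [900.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=198.51.100.23 DST=192.0.2.10 LEN=52 TTL=51 PROTO=TCP SPT=40160 DPT=22 WINDOW=141 ACK URGP=0
Aug  1 21:28:05 host kernel: [901.000001] unrelated kernel message
EOF
}

sample_log | summarize_ssh_bruteforce
```

Against a real log the function reads the file named in the post above: `summarize_ssh_bruteforce < /var/log/kernel`.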

Time zone: UTC + 3 hours [ DST ]