*Drive* - padonki rule here https://drivesource.ru/ |
|
SSH protection against scanning and password guessing (brute force) https://drivesource.ru/viewtopic.php?f=15&t=932 |
Author: | Padonak [ 29 Jul 2009, 15:06 ] |
Post subject: | SSH protection against scanning and password guessing (brute force) |
## SSH protection
# Record the source of every NEW connection to port 22 in the "SSH" list and accept it
/sbin/iptables -t filter -A INPUT -p tcp --destination-port 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
# Log packets from a source with 4 or more hits in the last 60 seconds (same TTL, --rttl)
/sbin/iptables -t filter -A INPUT -p tcp --destination-port 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_BRUTFORCE: "
# Drop the packets matched by the same condition
/sbin/iptables -t filter -A INPUT -p tcp --destination-port 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
|
Author: | The ustas [ 01 Aug 2009, 22:33 ] |
Post subject: | |
Have you tested it? )
Author: | Padonak [ 02 Aug 2009, 01:33 ] |
Post subject: | You bet! |
It works very effectively indeed! In this example ONLY 4 connections per minute are allowed. You can set it to 2 as well. (That's how I configured it for myself.)
Code:
Aug 1 11:53:54 QWERTY1 kernel: [308779.689566] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=60484 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:53:54 QWERTY1 kernel: [308779.690696] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=5989 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug 1 11:53:55 QWERTY1 kernel: [308780.120273] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=25983 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:53:55 QWERTY1 kernel: [308780.999855] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=14452 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:53:57 QWERTY1 kernel: [308782.763321] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=63858 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:53:58 QWERTY1 kernel: [308783.888653] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=49223 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug 1 11:54:01 QWERTY1 kernel: [308786.277046] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=47965 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:54:04 QWERTY1 kernel: [308789.508048] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=43482 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug 1 11:54:04 QWERTY1 kernel: [308789.883923] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=9196 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug 1 11:54:05 QWERTY1 kernel: [308790.472165] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=64472 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug 1 11:54:08 QWERTY1 kernel: [308793.313691] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=14804 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:54:11 QWERTY1 kernel: [308796.258926] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=36323 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug 1 11:54:17 QWERTY1 kernel: [308802.078006] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=34898 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug 1 11:54:18 QWERTY1 kernel: [308803.973354] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=19320 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug 1 11:54:22 QWERTY1 kernel: [308807.425502] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=20862 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:54:34 QWERTY1 kernel: [308819.407927] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=55314 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug 1 11:54:41 QWERTY1 kernel: [308826.065152] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=30842 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug 1 11:54:50 QWERTY1 kernel: [308835.531778] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=26254 DF PROTO=TCP SPT=46690 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug 1 11:55:05 QWERTY1 kernel: [308850.262060] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=11215 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug 1 11:55:29 QWERTY1 kernel: [308874.240426] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=22266 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug 1 11:56:07 QWERTY1 kernel: [308911.980828] SSH_BRUTFORCE: IN=ppp0 OUT= MAC= SRC=64.0.98.4 DST=89.178.181.81 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=5367 DF PROTO=TCP SPT=46712 DPT=22 WINDOW=46 RES=0x00 ACK FIN URGP=0
Aug 1 21:28:04 QWERTY1 kernel: [343212.026577] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=37259 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug 1 21:28:04 QWERTY1 kernel: [343212.026611] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=25960 DF PROTO=TCP SPT=40249 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug 1 21:28:04 QWERTY1 kernel: [343212.232244] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug 1 21:28:05 QWERTY1 kernel: [343212.651577] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug 1 21:28:06 QWERTY1 kernel: [343213.491081] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug 1 21:28:07 QWERTY1 kernel: [343214.959903] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=25195 DF PROTO=TCP SPT=41648 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug 1 21:28:07 QWERTY1 kernel: [343215.171509] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
Aug 1 21:28:08 QWERTY1 kernel: [343215.621635] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=25961 DF PROTO=TCP SPT=40249 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug 1 21:28:11 QWERTY1 kernel: [343218.337728] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=9145 DF PROTO=TCP SPT=43630 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
Aug 1 21:28:11 QWERTY1 kernel: [343218.529764] SSH_BRUTFORCE: IN=eth0 OUT= MAC=00:16:76:2f:aa:5c:00:90:1a:42:45:06:08:00 SRC=87.245.166.218 DST=79.165.222.174 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40160 DPT=22 WINDOW=141 RES=0x00 ACK URGP=0
|
Author: | The ustas [ 02 Aug 2009, 06:20 ] |
Post subject: | |
Which log do I look at for this? )
Author: | Padonak [ 02 Aug 2009, 12:11 ] |
Post subject: | |
Quote: The ustas wrote: Which log do I look at for this? )
Code: less /var/log/kernel
|
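One way to condense the `SSH_BRUTFORCE: ` entries discussed in this thread into one line per source address, added here as an example that is not part of the original posts. The function names and the sample log lines (documentation addresses, constructed) are assumptions; the script relies only on the log prefix set by the LOG rule and the standard `SRC=`/`SPT=` fields of the kernel log line.

```shell
#!/bin/sh
# Added example: summarise packets logged by the "SSH_BRUTFORCE: " LOG rule.
# Reads kernel log lines on stdin and prints, per source address:
#   <src> packets=<n> sessions=<distinct source ports> first=<time> last=<time>
summarize_ssh_brutforce() {
    awk '
    /SSH_BRUTFORCE: / {
        src = ""; spt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^SPT=/) spt = substr($i, 5)
        }
        if (src == "") next                     # malformed line without SRC=
        if (!(src in packets)) { order[++n] = src; first[src] = $3 }
        packets[src]++
        last[src] = $3                          # syslog time-of-day field
        # A new source port means another TCP session from the same host
        if (spt != "" && !((src, spt) in seen)) { seen[src, spt] = 1; sessions[src]++ }
    }
    END {
        for (k = 1; k <= n; k++) {
            s = order[k]
            printf "%s packets=%d sessions=%d first=%s last=%s\n",
                   s, packets[s], sessions[s], first[s], last[s]
        }
    }'
}

# Constructed sample input (not taken from the thread), documentation addresses only
sample_log() {
    cat <<'EOF'
Aug  1 10:00:01 host1 kernel: [100.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TTL=46 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 10:00:02 host1 kernel: [101.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TTL=46 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=46 RES=0x00 ACK URGP=0
Aug  1 10:00:03 host1 kernel: [102.500000] eth0: link up
Aug  1 10:00:05 host1 kernel: [104.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TTL=46 ID=3 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=71 RES=0x00 ACK URGP=0
Aug  1 22:15:30 host1 kernel: [900.000001] SSH_BRUTFORCE: IN=eth0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=52 TTL=51 ID=4 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=92 RES=0x00 ACK URGP=0
EOF
}

# On a live system, feed it the kernel log instead of the sample
sample_log | summarize_ssh_brutforce
```

The first/last times are compared in file order, so the input should be a single chronologically ordered log file.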
Time zone: UTC + 3 hours [ DST ] |