2005/Aug/16

Servers with a public IP address probably run into this problem a lot.
Here is a sample log file (/var/log/secure) from a machine under an SSH brute-force attack:

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

We can defend against this attack with iptables:

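# Record the source address of every new SSH connection arriving on eth0 in the "recent" list.
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# Drop new connections from an address whose hit count in the last 600 seconds has reached 2 (both rules use -I, so this one ends up above the --set rule).
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP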

With that, the problem goes away.
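To check which addresses are hammering sshd before or after adding the rules, the log format shown above can be scanned for repeated failures per source. The following is an added example, not part of the original post; the function name, the threshold of 5 failures in 60 seconds, the assumed year and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The first eight lines come from the log excerpt above; the last line is
# constructed (192.0.2.10 is a documentation address) to show one failure is ignored.
SAMPLE_LOG = """\
Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:07 campus sshd[60790]: Failed password for alice from 192.0.2.10 port 40000 ssh2
"""

# "Illegal user" is the wording in the log above; newer OpenSSH writes "Invalid user".
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|(?:Illegal|Invalid) user \S+)"
    r" from (\d{1,3}(?:\.\d{1,3}){3})"
)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2005):
    """Return {ip: peak failures inside one sliding window} for IPs reaching threshold."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = {}
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so an assumed one is prepended.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} failed logins within 60 s")
```

On a live system the same function can be fed the lines of /var/log/secure instead of the embedded sample.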
