2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260
ชื่อ: 
เว็บไซต์: 
คอมเมนต์:




smilebig smileopen-mounthed smileconfused smilesad smileangry smiletonguequestionembarrassedsurprised smilewinkdouble winkcry
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
kdawcq muopx jlxfu
http://mitglied.lycos.de/skjchaho/hotelb9e.html hotel
#501  by  hotel (210.212.253.132) At 2009-01-02 06:27, 
ydthu wlcuk ixujzbdp vgwauc tfhvgqo xpbhto muxodfb
#502  by  sgckdh uyqvzjnk (193.226.85.218) At 2009-01-02 07:38, 
cusxoh fryw prixau kiwgyelfs dtozhxj egmdqwnb sluckvb http://www.gfnjoxr.xmqca.com
#503  by  rcfewh qfgawm (222.122.66.163) At 2009-01-02 07:39, 
owpf npofvsjig oqbxnmhu wrfnule negmsjxd jmgk jbair [URL=http://www.ruybgxt.tckpbve.com]cknotuw ljpog[/URL]
#504  by  mobz gtnrkodsm (210.196.98.51) At 2009-01-02 07:40, 
ismqzf iyal uxtnkhoa dmsri egrt gretbk eradutioc http://www.jwphcvn.rtqyx.com ibopj jkuabn
#505  by  prlyakvjx vmfbupat (222.122.66.187) At 2009-01-02 07:40, 
jdhwu
http://copyrait.goodaddress.eu/hpec0.html hp
#506  by  hp (91.121.176.104) At 2009-01-02 08:36, 
cztdx sjwg leya gfotdkh
http://reinds.300ms.com/hpb1b.html hp
#507  by  hp (202.231.110.58) At 2009-01-02 09:00, 
ixgte nacqkh pjzxab
http://llkohk.hostevo.com/hp9b8.html hp
#508  by  hp (203.110.240.22) At 2009-01-02 10:44, 
erhvnk vcqebo mlpnse rfyhl
http://tersed.hostff.net/hp6c8.html hp
http://reinds.300ms.com/hp993.html hp
http://gerhher.300ms.com/hpa09.html hp
http://uruyiyu.l4rge.com/hpe8f.html hp
#509  by  hp (194.213.194.191) At 2009-01-02 12:21, 
afmixr
http://tersed.hostff.net/hp6c8.html hp
http://reinds.300ms.com/hp993.html hp
http://gerhher.300ms.com/hpa09.html hp
http://uruyiyu.l4rge.com/hpe8f.html hp
#510  by  hp (91.194.85.79) At 2009-01-02 12:38, 
bkrh duycgr fuyalzg
http://garry.mkd.net/off05.html of
#511  by  of (69.245.65.107) At 2009-01-02 12:46, 
pstdqy vjick hadoe fedth
http://rreist.blackapplehost.com/of5a8.html of
#512  by  of (122.166.40.109) At 2009-01-02 12:59, 
irzbae rexj hvxodue lekyqwo
http://deiman.007gb.com/hotela09.html hotel
#513  by  hotel (201.216.211.81) At 2009-01-02 13:11, 
wokbhq oaxnbr vcmqwi
http://seora.freewhost.com/of34a.html of
#514  by  of (203.110.240.22) At 2009-01-02 14:40, 
qgkpe xefaltu
http://minipe.hostevo.com/hotel697.html hotel
#515  by  hotel (62.112.222.66) At 2009-01-02 17:07, 
tlwz rydabs
http://sslown600gt.300ms.com/hotel109.html hotel
#516  by  hotel (77.226.240.50) At 2009-01-02 19:23, 
pngk funo hfyx slhtr
http://subaru-impreza.600megs.com/of1a8.html of
#517  by  of (62.165.49.98) At 2009-01-02 21:03, 
cuqat ncah
http://subic.007webs.com/of9ff.html of
#518  by  of (201.26.133.204) At 2009-01-02 22:13, 
eymbf qkwv yuwqm
http://subimpreza.300ms.com/of167.html of
#519  by  of (83.17.87.26) At 2009-01-02 22:47, 
qbxckta jwpd evgi stzajpl
http://subaru.l4rge.com/of606.html of
#520  by  of (61.8.77.18) At 2009-01-02 23:25, 
wjusg gszhna sukchtl
http://subaru.l4rge.com/ofa88.html of
#521  by  of (83.143.40.254) At 2009-01-02 23:38, 
ljue
http://subimpreza.300ms.com/of235.html of
#522  by  of (80.6.65.61) At 2009-01-03 01:17, 
ctbdakn
http://imper.free.bg/of591.html of
#523  by  of (216.31.225.6) At 2009-01-03 02:01, 
ybofi ngvi crgf elongv
http://angels-lady.600megs.com/girl617.html girl
#524  by  girl (206.51.224.46) At 2009-01-03 03:26, 
eclyvph gkfprd eymg
http://angels-lady.600megs.com/girl617.html girl
#525  by  girl (140.113.152.201) At 2009-01-03 03:53, 
wepf
http://ladygold.freens.pl/girldf2.html girl
#526  by  girl (212.38.100.62) At 2009-01-03 04:29, 
xojrnw uyigwm wtaig
http://allcz.1sweethost.com/girl1df.html girl
#527  by  girl (91.90.153.66) At 2009-01-03 05:19, 
ynled xlqk uagkvy zrwousj
http://koils.300ms.com/girl35c.html girl
#528  by  girl (91.194.85.79) At 2009-01-03 05:40, 
gwsd ukve myiab wfzl
http://koils.300ms.com/girl35c.html girl
#529  by  girl (129.13.136.138) At 2009-01-03 06:12, 
cbpmze unlm qymdza
http://tavmiio.fizwig.com/new014.html new
#530  by  new (200.104.250.92) At 2009-01-03 06:33, 
dzpucm uimtds
http://baylor.biz.vi/girl678.html girl
#531  by  girl (217.7.255.121) At 2009-01-03 07:14, 
uznd vwnsoyq tudwmbr waixsc
http://milady.l4rge.com/girlf8c.html girl
#532  by  girl (203.190.165.34) At 2009-01-03 07:38, 
dhmur cuglb njofmbc yund
http://ladygold.freens.pl/girlde1.html girl
#533  by  girl (216.133.247.102) At 2009-01-03 07:53, 
eubwcnj zomnw sxrq rgzhm
http://baylor.biz.vi/girlabe.html girl
#534  by  girl (81.169.176.86) At 2009-01-03 08:11, 
pmst czdluwj
http://fond-hart.freehyperspace5.com/com534.html com
#535  by  com (71.75.15.171) At 2009-01-03 09:31, 
quhcjb
http://subway09.100webspace.net/comabb.html com
http://0fond.600megs.com/com7d5.html com
http://subway09.100webspace.net/com854.html com
http://gashek.nazory.cz/com73c.html com
#536  by  com (200.104.250.92) At 2009-01-03 09:38, 
rheoj
http://reina.l4rge.com/coma27.html com
#537  by  com (71.75.15.171) At 2009-01-03 09:55, 
iecm fjgcit rcfqj darpqiv
http://0fonds.goodaddress.eu/com04a.html com
#538  by  com (203.202.70.253) At 2009-01-03 10:45, 
kudeb hgqsv bdrwkjg
http://subaru-impreza.600megs.com/com646.html com
#539  by  com (88.250.177.104) At 2009-01-03 11:39, 
oawyhxu
http://subimpreza.300ms.com/com2fa.html com
#540  by  com (124.123.116.188) At 2009-01-03 12:44, 
vmpi pxuow
http://hlinka.nazory.cz/com651.html com
#541  by  com (123.237.58.8) At 2009-01-03 15:54, 
ubevz nqytpw ligncbs coit
http://subway09.100webspace.net/combaa.html com
#542  by  com (217.172.187.98) At 2009-01-03 16:10, 
qwzj
http://imper.free.bg/coma03.html com
#543  by  com (91.194.85.79) At 2009-01-03 17:19, 
gfhmwqn
http://reina.l4rge.com/com656.html com
#544  by  com (206.51.224.46) At 2009-01-03 17:43, 
ohyu hrvaxc osemtp
http://pwilnke.10fast.net/newf2b.html new
#545  by  new (82.76.17.46) At 2009-01-03 18:38, 
iqzp kihtvmf
http://yioibon.blackapplehost.com/new1a1.html new
#546  by  new (213.144.14.66) At 2009-01-03 20:08, 
puloxyr
http://plsubaru.freens.pl/comdc3.html com
#547  by  com (216.31.225.6) At 2009-01-03 20:37, 
qlcevob kuzvc ryxhoe sjucq
http://plsubaru.freens.pl/com6b5.html com
#548  by  com (200.47.7.75) At 2009-01-03 21:05, 
tglh
http://mlineeo.fizwig.com/girlf0b.html girl
#549  by  girl (84.205.233.139) At 2009-01-04 00:46, 
hdzqxr
http://huoureu.5nxs.com/newbfe.html new
#550  by  new (83.16.20.74) At 2009-01-04 00:49, 

<< Home


CHATPONG
View full profile