2005/Aug/16

Anyone running a server on a public IP has probably run into this problem quite a lot.
Here is a sample of the log file (/var/log/secure) from a host under an SSH brute-force attack.

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

We can defend against this attack with iptables.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

With these rules in place, the problem goes away.
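To see what the two rules do to the traffic in the log above, the following added example (not part of the original post) replays failed-login lines through a small model of the recent match with --seconds 600 --hitcount 2, following the behaviour documented in the iptables man page. The names parse and replay, the year 2005, and the last two log lines are assumptions made for the example; it also assumes each log line is a separate new TCP connection, which the distinct sshd PIDs suggest.

```python
import re
from datetime import datetime

# Constructed sample: five lines quoted in the post, plus two made-up lines
# (192.0.2.10, and a return of the attacker at 07:40:00) to show edge cases.
SAMPLE_LOG = """\
Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[99001]: Failed password for root from 192.0.2.10 port 40000 ssh2
Jun 23 07:40:00 campus sshd[99002]: Failed password for root from 212.160.184.82 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:(?:invalid|illegal) user )?\S+|(?:Illegal|Invalid) user \S+)"
    r" from (\d{1,3}(?:\.\d{1,3}){3})\b")

def parse(log, year=2005):
    """Yield (timestamp, source_ip) for every failed sshd login line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it (assumed 2005)
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def replay(events, seconds=600, hitcount=2):
    """Model the two rules in evaluation order: both were added with -I, so the
    --update/DROP rule (inserted last) sits above the --set rule."""
    recent = {}    # source ip -> timestamps, i.e. the 'recent' list
    verdicts = []
    for ts, ip in events:
        stamps = recent.setdefault(ip, [])
        hits = sum(1 for s in stamps if (ts - s).total_seconds() <= seconds)
        # Rule 1 (--update ... -j DROP): matches once the source has been
        # seen `hitcount` times within `seconds`; a match refreshes the entry.
        # Rule 2 (--set): reached only when rule 1 did not match; records it.
        verdict = "DROP" if hits >= hitcount else "pass"
        stamps.append(ts)  # either rule adds a timestamp for this packet
        verdicts.append((ts.strftime("%H:%M:%S"), ip, verdict))
    return verdicts

if __name__ == "__main__":
    for row in replay(parse(SAMPLE_LOG)):
        print(*row)
```

On a live host, the addresses the rules are currently tracking can be read from /proc/net/xt_recent/DEFAULT (/proc/net/ipt_recent/DEFAULT on older kernels).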
