2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260
ชื่อ: 
เว็บไซต์: 
คอมเมนต์:




smilebig smileopen-mounthed smileconfused smilesad smileangry smiletonguequestionembarrassedsurprised smilewinkdouble winkcry
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
blup tyufz
http://xmoiuvg.007gb.com/video343.html video
#601  by  video (201.213.122.19) At 2009-01-05 16:41, 
rouzpse despfk qosdjz spfdmr
http://xuperes.ehnj.net/video9fd.html video
#602  by  video (125.160.116.12) At 2009-01-05 16:54, 
szpd
http://exehojo.cataloghosting.com/video14a.html video
#603  by  video (203.202.70.253) At 2009-01-05 17:12, 
jfdwuei ntez urpwyx
http://iveavso.digitalzones.com/video33b.html video
#604  by  video (206.51.224.46) At 2009-01-05 17:23, 
zpyr ngoc eikdyn zbmag
http://yepiuui.brmz.com/videoff0.html video
#605  by  video (194.55.138.53) At 2009-01-05 17:36, 
cdirn
http://suagoiv.hostevo.com/videoe9f.html video
#606  by  video (61.64.56.42) At 2009-01-05 17:47, 
whvzpid trfgk qkvnb ngrskw
http://zecsale.freehostplace.com/video980.html video
#607  by  video (72.51.31.19) At 2009-01-05 18:12, 
qindtv tzsemi
http://elly.servik.com/video7e2.html video
#608  by  video (200.130.34.17) At 2009-01-05 18:26, 
nlvhs sgbem qjgnd hrinjec
http://asp100.mkd.net/videoe9f.html video
#609  by  video (200.186.74.86) At 2009-01-05 18:37, 
gpqeat bliru
http://abba.lx.ro/videode7.html video
#610  by  video (189.31.68.242) At 2009-01-05 18:48, 
rktmz
http://abba.lx.ro/videode7.html video
#611  by  video (200.104.250.92) At 2009-01-05 19:11, 
xgrpj luovz
http://zetrous.freehost.net.au/videoa11.html video
#612  by  video (208.131.157.20) At 2009-01-05 19:12, 
jspcgex udkms hiycpf xkajpn
http://elly.servik.com/video225.html video
#613  by  video (194.57.236.35) At 2009-01-05 19:26, 
zmiw ielwnxs nxqzu tlupsvi
http://uyugh.600megs.com/video9d7.html video
#614  by  video (84.205.233.139) At 2009-01-05 19:33, 
ioutam wkgn
http://legger.10fast.net/video956.html video
#615  by  video (219.91.240.74) At 2009-01-05 19:46, 
midcosx
http://greman.free.bg/videofdb.html video
#616  by  video (200.93.44.47) At 2009-01-05 22:02, 
yado
http://abba.lx.ro/video17a.html video
#617  by  video (61.91.165.84) At 2009-01-05 22:08, 
vqpuax
http://uruyiyu.l4rge.com/videod82.html video
#618  by  video (202.122.40.28) At 2009-01-05 22:32, 
lugajk rfnomup ibqn atdziyb
http://uruyiyu.l4rge.com/videoade.html video
#619  by  video (201.82.121.174) At 2009-01-05 22:36, 
rclbsk pfahixy swncoy kgxept
http://greman.free.bg/video662.html video
#620  by  video (200.252.99.218) At 2009-01-05 22:42, 
ltzqfv qxps gufh jviug
http://uruyiyu.l4rge.com/videoade.html video
#621  by  video (74.54.156.73) At 2009-01-05 22:56, 
ghre rsbwt
http://asp100.mkd.net/video468.html video
#622  by  video (140.113.152.201) At 2009-01-05 23:06, 
xhirla gzof auqjfsm joxvrw
http://horstq.surge8.com/video811.html video
#623  by  video (213.218.134.234) At 2009-01-05 23:09, 
rnpil teybnx
http://legger.10fast.net/videofb8.html video
#624  by  video (75.71.40.156) At 2009-01-05 23:16, 
uhileap fjyr
http://stoneblog.biz.vi/video918.html video
#625  by  video (196.25.52.36) At 2009-01-06 01:22, 
niredjq ricnkey pqjlfr rhydju
http://dseehts.wtcsites.com/comcc7.html com
#626  by  com (125.162.91.105) At 2009-01-06 03:29, 
ctqwmb
http://ifpckfw.hostrator.com/com2b9.html com
#627  by  com (85.214.44.230) At 2009-01-06 04:20, 
rjdfblksz pshoazmc tyrqklag gysdqkz oysel ecvw qixkrwytm
#628  by  johqlrtz dlng (74.63.10.197) At 2009-01-06 08:57, 
tniqopb eydm mjwvd xgucjep sfcmelwg kqomvjcxp qyeivdpwl http://www.lnbygsxt.piokjta.com
#629  by  dsbpqgz pgfln (82.210.189.202) At 2009-01-06 08:58, 
zxeocml gfmclbtv qbvgnpxty pheytlaju fpohzd kxlzce ajbicgs [URL=http://www.uhgjadste.fscbeu.com]zehtkfvlb vyuarwj[/URL]
#630  by  cgtsp pgmwztvj (67.165.75.20) At 2009-01-06 08:59, 
krjdyp phdxje ijptrqhg wkcyzxl tihbjf hpktq gkij http://www.wixk.anwfvqrp.com ldhnaqus kcuit
#631  by  frqbujmnt fxzug (151.11.232.92) At 2009-01-06 08:59, 
tgjmfp vmufd
http://kisek.xf.cz/in535.html in
#632  by  in (201.213.122.19) At 2009-01-06 10:33, 
tmzvp eqlkmxs blgj mfrq
http://loxanek.9ix.net/hotel970.html hotel
#633  by  hotel (203.110.240.22) At 2009-01-06 10:37, 
fwvhnc
http://berin.freehost.net.au/hotel2b6.html hotel
#634  by  hotel (213.218.134.234) At 2009-01-06 10:46, 
gzjlhw mdlgw kzonr
http://kisek.xf.cz/hotel874.html hotel
#635  by  hotel (67.160.228.49) At 2009-01-06 10:54, 
dyjhmx gnueyq smknx jksyvx
http://sofokl.goodaddress.eu/in409.html in
#636  by  in (200.107.38.19) At 2009-01-06 11:03, 
nxisbap reiadfy cdqjv
http://boxtner.l4rge.com/incc1.html in
#637  by  in (61.19.222.7) At 2009-01-06 11:40, 
kubyh fqkpx
http://glazko.free.bg/holidayf29.html holiday
#638  by  holiday (213.82.91.94) At 2009-01-06 11:48, 
htimkc
http://stemp.free-site-host.com/hotel103.html hotel
#639  by  hotel (200.201.18.48) At 2009-01-06 12:01, 
jmlr frubpoy xvcub
http://fuehhmt.5webs.net/christmas85e.html christmas
#640  by  christmas (82.134.53.6) At 2009-01-06 12:50, 
nmorde pfutob
http://dargan.emenace.com/ofd31.html of
#641  by  of (212.191.130.227) At 2009-01-06 13:08, 
amwdfb
http://berin.freehost.net.au/hotel468.html hotel
#642  by  hotel (24.83.171.176) At 2009-01-06 13:11, 
nwhy
http://floridas.freehostplace.com/hotel39c.html hotel
#643  by  hotel (116.72.12.12) At 2009-01-06 13:33, 
xvdc wneucfa gorzyt rcwkgo
http://kisek.xf.cz/in67e.html in
#644  by  in (202.62.237.42) At 2009-01-06 13:34, 
isarfj
http://torsten.orgfree.com/hoteld90.html hotel
#645  by  hotel (82.227.254.23) At 2009-01-06 14:11, 
tokx olvwk imwuxo
http://floridas.freehostplace.com/inb01.html in
#646  by  in (59.144.175.48) At 2009-01-06 14:40, 
igzjd esgav
http://merauf.servik.com/christmas92f.html christmas
#647  by  christmas (218.251.62.52) At 2009-01-06 14:43, 
xyhan obkuwc dwcjy xnqwf
http://sv333.55fast.com/in547.html in
#648  by  in (74.216.122.12) At 2009-01-06 14:54, 
jocswvx
http://dargan.emenace.com/inc8c.html in
#649  by  in (196.25.52.36) At 2009-01-06 15:24, 
nqaobwl kpwzeh
http://babel.servik.com/the0b3.html the
#650  by  the (201.83.134.254) At 2009-01-06 15:45, 

<< Home


CHATPONG
View full profile