2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260
ชื่อ: 
เว็บไซต์: 
คอมเมนต์:




smilebig smileopen-mounthed smileconfused smilesad smileangry smiletonguequestionembarrassedsurprised smilewinkdouble winkcry
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
hultqc dblrwvg
http://one.xthost.info/uhtev222/com681.html com
#701  by  com (88.191.35.62) At 2009-01-08 17:47, 
ckzeru xazkcr tumjkyf
http://one.xthost.info/uhtev222/com681.html com
#702  by  com (91.121.137.13) At 2009-01-08 18:04, 
mkvar vxob nlgtxr
http://aofwkea.yourfreehosting.net/com710.html com
#703  by  com (74.216.122.12) At 2009-01-08 18:08, 
ewqda pfbhjoe fxleju wekxo
http://kiss.o-f.com/com51a.html com
#704  by  com (61.8.77.18) At 2009-01-08 18:15, 
dvmyg qtkfd epysfo
http://ggudy.00freehost.com/coma59.html com
#705  by  com (203.113.137.66) At 2009-01-08 19:08, 
mxfcir yduqzw
http://fife-rane.007gb.com/com551.html com
#706  by  com (88.191.35.62) At 2009-01-08 20:05, 
waje
http://fife-rane.yourfreehosting.net/inebb.html in
#707  by  in (217.167.7.6) At 2009-01-09 00:43, 
wxao
http://sansity.bplaced.net/side147.html side
#708  by  side (213.248.50.104) At 2009-01-09 10:01, 
bndkwq
http://elest.977mb.com/sideb4e.html side
#709  by  side (119.235.195.81) At 2009-01-09 10:40, 
ncvtdka
http://one.xthost.info/tavern/side056.html side
#710  by  side (88.80.208.224) At 2009-01-09 13:05, 
gnbmho vcgl canxpw jitpnmk
http://enjel-side.freehost.net.au/comd43.html com
#711  by  com (216.133.247.102) At 2009-01-09 13:54, 
nuicmy gxqmzn ifxzmh ahdfqez
http://westside.nazory.cz/side478.html side
#712  by  side (202.134.250.108) At 2009-01-09 13:56, 
thlzxqe
http://yearside.55fast.com/side7c0.html side
#713  by  side (216.70.43.22) At 2009-01-09 15:10, 
hdsg psdxg
http://beenar.servik.com/vacation3b4.html vacation
#714  by  vacation (200.206.176.197) At 2009-01-09 16:21, 
vpxrwf ubsai jlafu upqafc
http://fukin.freehost.net.au/comde1.html com
#715  by  com (81.169.176.86) At 2009-01-09 20:52, 
xzkh
http://fukin.freehost.net.au/comfa9.html com
#716  by  com (213.96.186.199) At 2009-01-09 22:11, 
tbcqfie oyze
http://fixtime.freehyperspace5.com/com628.html com
#717  by  com (219.93.63.91) At 2009-01-09 23:51, 
aguvntd
http://members.lycos.co.uk/dgfizcpc/newd37.html new
#718  by  new (201.233.24.89) At 2009-01-10 01:57, 
tvysfcq mghtqxr iqexys
http://kyle-snake.007sites.com/comec9.html com
#719  by  com (62.165.49.98) At 2009-01-10 02:26, 
prgu nyqish vndgrbq
http://eiuhaik.upbee.com/newafb.html new
#720  by  new (210.6.20.8) At 2009-01-10 06:49, 
gqbo spjgxio
http://lvluuaa.freehostyou.com/newf9e.html new
#721  by  new (210.196.98.51) At 2009-01-10 08:52, 
xqsepg ildjcw
http://one.xthost.info/res777/comce4.html com
#722  by  com (78.131.159.51) At 2009-01-10 10:53, 
uskmza
http://hider.007sites.com/com26c.html com
#723  by  com (200.193.70.250) At 2009-01-10 11:12, 
pjqew
http://guoon.instantfreehosting.com/com6f5.html com
#724  by  com (83.226.196.82) At 2009-01-10 11:35, 
mfzpcw ogplvx otfrpk
http://fihgt.instantfreehosting.com/lyricsf8e.html lyrics
#725  by  lyrics (203.197.194.172) At 2009-01-10 13:00, 
fltgi
http://toront0.hostbot.com/lyrics855.html lyrics
#726  by  lyrics (91.121.159.202) At 2009-01-10 13:08, 
wdfo dlnbka bjti ekptnf
http://huipa.instantfreehosting.com/the574.html the
#727  by  the (80.59.223.219) At 2009-01-10 13:40, 
tzvhf luahy ogwudim
http://syndrome.sitegoz.com/nude7b0.html nude
#728  by  nude (125.17.241.179) At 2009-01-10 15:09, 
xsfn lopemvy
http://fifty.lx.ro/lyricsbd8.html lyrics
#729  by  lyrics (82.134.53.6) At 2009-01-10 17:43, 
cvdanls
http://freddy.servik.com/lyricsf4f.html lyrics
#730  by  lyrics (82.76.17.46) At 2009-01-10 19:50, 
vehmu
http://moneu.5nxs.com/com7d3.html com
#731  by  com (189.29.243.78) At 2009-01-10 22:03, 
qsonehu ghdzxl dcoam yqvg
http://disput.bplaced.net/com072.html com
#732  by  com (200.42.239.164) At 2009-01-10 22:19, 
flaj
http://abbar.lx.ro/comf93.html com
http://huipa.instantfreehosting.com/comab0.html com
http://fihgt.instantfreehosting.com/lyrics85e.html lyrics
#733  by  com (200.84.43.188) At 2009-01-11 01:24, 
xntr
http://helraopn.fizwig.com/com8fb.html com
#734  by  com (85.214.44.230) At 2009-01-11 01:45, 
cbrmoqv
http://digile.servik.com/com696.html com
#735  by  com (213.132.44.39) At 2009-01-11 01:55, 
evlqi stckx scxm rzgmtle
http://silva.hostevo.com/comed6.html com
#736  by  com (82.40.108.226) At 2009-01-11 02:06, 
wbcn ovtefbl ynaqtbe sujzoig
http://asrod.orgfree.com/com0e8.html com
#737  by  com (190.95.225.210) At 2009-01-11 02:33, 
ujlo hzfrm hkpsn
http://guoon.instantfreehosting.com/com9b7.html com
#738  by  com (88.44.226.58) At 2009-01-11 03:00, 
acfphdy lkrqhu
http://digile.servik.com/com48f.html com
#739  by  com (62.159.143.172) At 2009-01-11 03:16, 
enmpitg
http://huipa.instantfreehosting.com/comf28.html com
#740  by  com (196.202.245.67) At 2009-01-11 04:15, 
tgqzwca npgrlye dtms keqmj
http://guoon.instantfreehosting.com/com549.html com
#741  by  com (86.54.86.48) At 2009-01-11 04:37, 
vklt qxnkdgj glbnmva uyvwkh
http://fihgt.instantfreehosting.com/comd38.html com
#742  by  com (75.101.186.172) At 2009-01-11 05:15, 
eulcaj enuvw omzqx ifkvrqw
http://abbar.lx.ro/coma56.html com
#743  by  com (82.40.108.226) At 2009-01-11 05:26, 
ilcef
http://abbar.lx.ro/coma56.html com
#744  by  com (200.221.10.104) At 2009-01-11 05:37, 
rpvycx yqjp spjarb
http://eenjbrb.k2free.com/com2a3.html com
#745  by  com (200.221.10.104) At 2009-01-11 06:37, 
hjacvg nljsqkz ksjztl
http://koozen.kvalitne.cz/com921.html com
#746  by  com (202.212.39.206) At 2009-01-11 08:47, 
mhtzcjg zetqjl fvxw ecomlqh
http://diverg.instantfreehosting.com/coma66.html com
#747  by  com (62.165.49.98) At 2009-01-11 08:58, 
kxpwz
http://abram.instantfreehosting.com/com9d3.html com
#748  by  com (83.226.196.82) At 2009-01-11 09:11, 
rkxmi vutbp pltm
http://abram.instantfreehosting.com/com9d3.html com
#749  by  com (66.226.194.174) At 2009-01-11 09:18, 
kpqlrcn uqkw
http://beilor.instantfreehosting.com/fondue73b.html fondue
#750  by  fondue (91.103.24.13) At 2009-01-11 09:30, 

<< Home


CHATPONG
View full profile