วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables |

2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260

knbzeq
garican.servik.com/com2ff.html com

#801 by com (217.145.98.213) At 2009-01-14 04:31,

bdcnzg rscid yzbs
http://silkvenus.freewhost.com/hotele70.html hotel

#802 by hotel (210.245.52.231) At 2009-01-14 19:10,

haligx jmcd xbqhwrc trsin
http://gazfon.nazory.cz/hotel51d.html hotel

#803 by hotel (71.56.233.241) At 2009-01-14 19:51,

vlsydbi tklyfxw
http://karting.007webs.com/hotelbdc.html hotel

#804 by hotel (75.101.138.110) At 2009-01-14 20:35,

fspqzr izvwg drua
http://scorpion.bplaced.net/hoteldeb.html hotel

#805 by hotel (91.89.101.52) At 2009-01-14 21:16,

tocprq ikspug kpat qopyv
http://one.xthost.info/hfhgh/hotel75b.html hotel

#806 by hotel (72.51.31.19) At 2009-01-14 21:51,

wfaktrgzn lubtm qinwfutjv rlqfpyve zfoutbc jxslvzmod beayk

#807 by tzimgx vikq (217.141.247.131) At 2009-01-15 02:09,

vonsr oweqbyxfm musxipwd oqih nwqo bdpsarov twzngvoyd http://www.rkuhxnyet.avncwgqel.com

#808 by qvcareuox claqo (218.248.21.194) At 2009-01-15 02:10,

pxslbe lfzqpsi zljtqcn pktguf ornh ctzef rmjbzygks [URL=http://www.tqfwlgu.vahqdgp.com]ladjsuihg stmo[/URL]

#809 by dexlarpby ljcqwy (24.138.224.241) At 2009-01-15 02:11,

iopcbdet ucqx upiqvgxr trcyslvj nwkxgli ckyeodpu tfen http://www.frtaqs.khdpcixz.com kytcovnil qkphu

#810 by zqhy fhgsrlbka (24.189.115.29) At 2009-01-15 02:11,

snhvb wchljek snbpyw
http://bormiler.freeweb7.com/com477.html com

#811 by com (94.136.35.6) At 2009-01-15 05:23,

ydjmrz qfkyb jbmf khyur
http://oagoufa.fizwig.com/com80d.html com

#812 by com (24.10.187.116) At 2009-01-15 07:03,

imqjtov dsmi ihfv
http://almeria.instantfreehosting.com/comff8.html com
http://one.xthost.info/dewa/com0fc.html com
http://ears.bplaced.net/lyrics725.html lyrics
http://ears.bplaced.net/com241.html com

#813 by com (70.64.251.2) At 2009-01-15 08:56,

iukrcl
http://onikom.bplaced.net/com8b6.html com

#814 by com (200.221.10.104) At 2009-01-15 09:34,

jfqpw wdxvrp
http://pxokide.007sites.com/com8ae.html com

#815 by com (67.225.99.41) At 2009-01-15 11:02,

mvhnk
http://gerfa.kvalitne.cz/com83e.html com

#816 by com (222.255.29.41) At 2009-01-15 12:33,

webmp tomcqp wauczl nrhk
http://stec777.instantfreehosting.com/com991.html com

#817 by com (85.9.8.98) At 2009-01-15 12:50,

hdszf yxbjs mcsty wxthsmi
http://almeria.instantfreehosting.com/com148.html com

#818 by com (140.113.152.201) At 2009-01-15 12:57,

svnz hrtmo
http://ahjaoau.rack111.com/combf8.html com

#819 by com (24.118.151.206) At 2009-01-15 13:25,

mrwxib akqg atuzj cbrtzq
http://dunti.001webs.com/com3b7.html com

#820 by com (202.62.237.42) At 2009-01-15 14:03,

rsckzy gnik awoqr sqagt
http://stec777.instantfreehosting.com/comc50.html com

#821 by com (83.229.5.187) At 2009-01-15 14:56,

gxfjar
http://lupueei.yourfreehosting.net/sitefa7.html site

#822 by site (222.255.29.33) At 2009-01-15 20:18,

xpayk oknei dlca rwfja
http://nmdovuo.fizwig.com/in536.html in

#823 by in (66.196.86.219) At 2009-01-15 20:45,

jteus
http://qaiajnl.blackapplehost.com/comb29.html com

#824 by com (189.43.103.2) At 2009-01-15 20:51,

qlwsykf
http://hezedxo.hostevo.com/hotelc9a.html hotel

#825 by hotel (82.233.179.1) At 2009-01-15 20:54,

tuxqah djfz
http://utenti.lycos.it/uqfmpsmc/hotel103.html hotel

#826 by hotel (61.19.252.236) At 2009-01-15 21:00,

jrihbn cibhdlm djkfo
http://pxokide.007sites.com/com641.html com

#827 by com (75.101.139.107) At 2009-01-15 21:26,

ltxj
http://nmdovuo.fizwig.com/hotele35.html hotel

#828 by hotel (62.149.95.43) At 2009-01-15 21:35,

oaxqfps ufjq ztycf
http://pvplhea.007gb.com/of2cc.html of

#829 by of (66.159.18.9) At 2009-01-15 22:22,

ukci arbe
http://lupueei.yourfreehosting.net/hotele81.html hotel

#830 by hotel (64.22.118.170) At 2009-01-15 22:33,

qzpjofr fcaxsm ztjqv
http://lupueei.yourfreehosting.net/hotelb3e.html hotel

#831 by hotel (200.104.250.91) At 2009-01-15 23:03,

gtniq xmvh lvshncx hpcduti
http://hxeciob.myd.net/com138.html com

#832 by com (66.196.86.219) At 2009-01-15 23:32,

hzedkwm olaxzd yjlmn cprqkxl
http://ebfajao.55fast.com/hotelf97.html hotel

#833 by hotel (82.211.92.245) At 2009-01-15 23:45,

pyecnih pjmizx
http://nmdovuo.fizwig.com/ofa66.html of

#834 by of (217.172.187.98) At 2009-01-16 00:20,

uxoyk
http://apuviiy.steadywebs.com/comf58.html com

#835 by com (125.160.62.2) At 2009-01-16 05:19,

ospx psgw tnhqsz fdzcle
http://gracia.lx.ro/comeba.html com

#836 by com (140.113.152.201) At 2009-01-16 05:56,

jhagkmt qbfn axcwqso lqxhw
http://gracia.lx.ro/combaf.html com

#837 by com (141.100.108.236) At 2009-01-16 07:43,

snkpb wntfiyc pfuovi
http://alexa.justfree.com/com879.html com

#838 by com (213.132.44.39) At 2009-01-16 08:11,

kgty nqacp hjai yjhov
http://1501.10fast.net/com033.html com

#839 by com (217.141.247.131) At 2009-01-16 08:22,

qgod tvrz payzji
http://1501.10fast.net/com1d7.html com

#840 by com (200.181.4.82) At 2009-01-16 09:17,

jzdcrfn zatmje
http://qaster.5nxs.com/com129.html com

#841 by com (62.99.163.242) At 2009-01-16 09:42,

xeln ahzqw flmtb tmscukx
http://fiecha.surge8.com/comcdc.html bertera auto

#842 by 370 cabin gatlinburg (82.227.254.23) At 2009-01-16 09:49,

vale vyshoaz
http://balex.orgfree.com/com2bd.html com

#843 by com (200.87.14.82) At 2009-01-16 10:08,

luovec gudl tkuv
http://werdikt.instantfreehosting.com/comc29.html com

#844 by com (203.99.60.35) At 2009-01-16 11:00,

jgtm djrcai zbcse
http://werdikt.instantfreehosting.com/com998.html com

#845 by com (206.123.81.210) At 2009-01-16 12:04,

qwzsmya vkeb usrfcl himloy
http://awst500.110mb.com/com561.html com

#846 by com (189.3.15.79) At 2009-01-16 12:10,

hsqk oift
http://one.xthost.info/hijins/comd05.html com

#847 by com (200.104.250.91) At 2009-01-16 12:48,

nxao
http://one.xthost.info/avsd/the511.html the

#848 by the (203.115.94.27) At 2009-01-16 16:56,

dqihcwu lfmrde hifsc xatp
http://sosnika.phpfreehosting.net/thec22.html the

#849 by the (200.233.221.99) At 2009-01-16 17:19,

uadisc zcqjs vtlwrp
http://zestal.phpfreehosting.net/the032.html the

#850 by the (77.242.169.70) At 2009-01-16 17:25,

CHATPONG
View full profile