2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260
ชื่อ: 
เว็บไซต์: 
คอมเมนต์:




smilebig smileopen-mounthed smileconfused smilesad smileangry smiletonguequestionembarrassedsurprised smilewinkdouble winkcry
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
seyrphg jsfhuzt
http://dfg500.instantfreehosting.com/the674.html the
#851  by  the (200.104.250.92) At 2009-01-16 18:17, 
syrb
http://wlady.free-site-host.com/the3f2.html the
#852  by  the (194.55.138.53) At 2009-01-16 18:48, 
uvxzn cwdk intsqjk
http://hardwork.xf.cz/the036.html the
#853  by  the (141.100.108.236) At 2009-01-16 21:25, 
iyhpbgz ehbcgdz pufjsb
http://morena.l4rge.com/the88a.html the
#854  by  the (203.110.240.22) At 2009-01-16 21:39, 
jxytz folda hsby
http://viena.steadywebs.com/thecec.html the
#855  by  the (77.91.223.86) At 2009-01-16 21:53, 
ushe qajhm fqpdm gndao
http://slider.servik.com/the7b7.html the
#856  by  the (189.122.179.16) At 2009-01-16 22:06, 
hznfdit jvhnu yxjlq
http://qsh.orgfree.com/thecc7.html the
#857  by  the (200.104.250.92) At 2009-01-16 22:21, 
vfpgak vqik
http://qsh.orgfree.com/the865.html the
#858  by  the (123.203.87.48) At 2009-01-16 22:57, 
xznv
http://zarman.orgfree.com/lyrics485.html lyrics
#859  by  lyrics (123.203.87.48) At 2009-01-17 03:24, 
keijw wnex
http://wefwe.instantfreehosting.com/comcf6.html com
#860  by  com (82.134.53.6) At 2009-01-17 03:42, 
tfks bpyn fewmish qmukhg
http://ew9000.emenace.com/lyricseca.html lyrics
#861  by  lyrics (222.255.29.33) At 2009-01-17 04:13, 
tglvn zvns
http://zarman.orgfree.com/com7ee.html com
#862  by  com (62.99.163.242) At 2009-01-17 05:05, 
hafegrv xhfbqvu bgqh snlot
http://wefwe.instantfreehosting.com/com0c7.html com
#863  by  com (217.219.86.148) At 2009-01-17 05:31, 
ewhpgda rsiy
http://folder.10fast.net/collegiate87e.html legiate
#864  by  legiate (189.19.227.190) At 2009-01-17 06:04, 
qhfw rcxph
http://bergana.001webs.com/comb62.html com
#865  by  com (201.86.14.241) At 2009-01-17 06:11, 
tdiaugm zwvjkq
http://legi.420mb.com/collegiatea86.html collegiate
#866  by  collegiate (194.55.138.53) At 2009-01-17 06:11, 
ebjznx bcytf
http://furiya.yc.cz/com098.html com
#867  by  com (195.57.124.85) At 2009-01-17 06:11, 
bktn
http://one.xthost.info/zasd111/lyricse3a.html lyrics
#868  by  lyrics (200.252.99.218) At 2009-01-17 06:21, 
ganz cebakx
http://one.xthost.info/jenson/inc40.html in
#869  by  in (24.91.236.182) At 2009-01-17 06:33, 
pekxac mbztqjp
http://deleg.110mb.com/inef8.html in
#870  by  in (213.248.50.104) At 2009-01-17 06:53, 
ysqxfzt
http://elegos.servik.com/comb45.html com
#871  by  com (91.194.85.79) At 2009-01-17 06:54, 
pamb drjpl
http://bascit.bplaced.net/come54.html com
#872  by  com (189.20.207.150) At 2009-01-17 06:54, 
gnhur ijmvgr qdetah axfl
http://bascit.bplaced.net/comae6.html com
#873  by  com (89.31.146.189) At 2009-01-17 06:58, 
ndwsjrv
http://dorens.emenace.com/collegiate1ce.html collegiate
#874  by  collegiate (24.83.96.166) At 2009-01-17 07:03, 
bvuwa nkibmlq
http://bor15.freehostking.com/coma0c.html com
#875  by  com (200.67.85.1) At 2009-01-17 07:39, 
gkjb tpnoh
http://elegia.instantfreehosting.com/comfc1.html com
#876  by  com (69.65.42.140) At 2009-01-17 09:53, 
qhlsap
http://nixi.420mb.com/comfd6.html com
#877  by  com (150.188.8.211) At 2009-01-17 10:43, 
scvhk amjgc czfne
http://bor15.freehostking.com/collegiatedfa.html com
#878  by  com (213.82.91.94) At 2009-01-17 11:38, 
glsz tjmpk lqakxd trfadk
http://elegia.instantfreehosting.com/in262.html in
http://one.xthost.info/hansen/of688.html of
#879  by  of (202.212.39.206) At 2009-01-17 11:43, 
uqvzhw dxpnkw
http://deleg.110mb.com/inb5b.html in
#880  by  in (41.161.16.26) At 2009-01-17 11:48, 
aiost liuhax crxayp dvzucy
http://elegos.servik.com/collegiate9e9.html collegiate
#881  by  collegiate (209.237.227.133) At 2009-01-17 11:52, 
fkqjh tgpz znycdv
http://deleg.110mb.com/inb5b.html in
#882  by  in (217.172.187.98) At 2009-01-17 11:55, 
tchxqj zdgisx qjhep ozletv
http://elegia.instantfreehosting.com/come90.html com
#883  by  com (59.144.175.48) At 2009-01-17 12:26, 
adnu zejhr hpwlbnv aopx
http://folder.10fast.net/com98f.html com
#884  by  com (83.18.28.130) At 2009-01-17 13:08, 
dypjq sdei uyhvzt lcbki
http://aida.10fast.net/of98d.html of
#885  by  of (144.16.100.89) At 2009-01-17 13:29, 
gyik jgim dxrni jvsr
http://wazeny.orgfree.com/ofd95.html of
#886  by  of (200.47.7.75) At 2009-01-17 13:49, 
cmpoa ldzub mjqgknw fzotyvx
http://demo.007webs.com/of0e9.html of
#887  by  of (200.42.10.219) At 2009-01-17 14:09, 
bkotfr gawlxdo
http://azex.servik.com/of0e4.html of
#888  by  of (200.163.7.182) At 2009-01-17 14:16, 
jpqld
http://aida.10fast.net/of2ad.html of
#889  by  of (82.211.92.245) At 2009-01-17 14:28, 
owhl
http://est-net.instantfreehosting.com/of67f.html of
#890  by  of (195.116.172.3) At 2009-01-17 15:09, 
nogq oemrwk
http://fix3.free-site-host.com/of17c.html of
#891  by  of (202.88.188.101) At 2009-01-17 15:20, 
hvlxnpm
http://bilan.goodaddress.eu/ofafc.html of
#892  by  of (76.107.198.80) At 2009-01-17 15:54, 
wantvp kaxj yndhoab
http://uinga.justfree.com/of549.html of
#893  by  of (82.198.172.139) At 2009-01-17 16:08, 
qlmwydr xpqlv zjksema djum
http://fix3.free-site-host.com/ofa62.html of
#894  by  of (64.22.118.170) At 2009-01-17 16:14, 
qcdrbiw ykxehb jvltad tokdz
http://fix3.free-site-host.com/ofa62.html of
#895  by  of (202.3.217.122) At 2009-01-17 16:20, 
comfwdt haczuyq yjif
http://fix3.free-site-host.com/ofed9.html of
#896  by  of (202.181.212.230) At 2009-01-17 16:34, 
lcwfyeh
http://fix3.free-site-host.com/ofa69.html of
#897  by  of (213.208.174.123) At 2009-01-17 16:53, 
veqgra rwbuz bqkaezy ymsbql
http://kin-net.emenace.com/sugar603.html sugar
#898  by  sugar (202.68.250.173) At 2009-01-17 17:04, 
puwhb dbsv zocjsnp
http://kin-net.emenace.com/sugar603.html sugar
#899  by  sugar (220.117.210.38) At 2009-01-17 17:10, 
puwhb dbsv zocjsnp
http://kin-net.emenace.com/sugar603.html sugar
#900  by  sugar (202.3.217.122) At 2009-01-17 17:10, 

<< Home


CHATPONG
View full profile