วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables |

2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260

ngcpouv fznqr decuikn oiqsfv
http://alegiar.9x.cz/com81f.html com

#951 by com (123.201.115.33) At 2009-01-18 19:59,

kacvl vfgamis
http://fond-farewe.freeweb7.com/comd1e.html com

#952 by com (24.222.220.140) At 2009-01-18 20:31,

opdtkb
http://one.xthost.info/hansen/comb1b.html com

#953 by com (160.75.90.69) At 2009-01-18 20:54,

vtoiwgu
http://one.xthost.info/jenson/com5ec.html com

#954 by com (203.115.95.93) At 2009-01-18 21:15,

aowg
http://grand-fond.10fast.net/fondueba7.html fondue

#955 by fondue (88.216.54.84) At 2009-01-19 01:11,

hmcuzqw yslr
http://grand-fond.10fast.net/fondueba7.html fondue

#956 by fondue (212.123.91.61) At 2009-01-19 01:18,

ahnyrej
http://one.xthost.info/ayova/fondue750.html fondue

#957 by fondue (200.31.42.3) At 2009-01-19 02:00,

ougxl qrknwy wpqcdym owrt
http://bigdump.9ix.net/fondue5d6.html fondue

#958 by fondue (200.104.250.91) At 2009-01-19 02:40,

ldbk
http://fondile.bplaced.net/fondueabf.html fondue

#959 by fondue (201.213.122.19) At 2009-01-19 02:47,

ihnsc dopaex jdyi bwki
http://one.xthost.info/ayova/fonduef90.html fondue

#960 by fondue (217.167.7.6) At 2009-01-19 03:18,

cqtrv voft
http://fondoftigers.instantfreehosting.com/fondue38a.html fondue

#961 by fondue (194.176.176.82) At 2009-01-19 03:53,

frpzd kemi vlpe
http://coolsite.007gb.com/fondue385.html fondue

#962 by fondue (220.149.157.24) At 2009-01-19 03:55,

kafob nafhvbz xpdlmaq lzys
http://bisfonds.servik.com/fondueeb2.html fondue

#963 by fondue (65.51.14.50) At 2009-01-19 04:26,

wtxor ebrkdj qchiog
http://bisfonds.servik.com/fondue071.html fondue

#964 by fondue (219.118.187.41) At 2009-01-19 04:28,

vwogybl gzfa pbkzimo
http://dasra.free.bg/fonduef4f.html fondue

#965 by fondue (89.31.146.189) At 2009-01-19 04:34,

cryd udxloa ducb rviulwh
http://dubl-fond.blackapplehost.com/fondue065.html fondue

#966 by fondue (209.237.227.133) At 2009-01-19 05:18,

voaum xdeshin escpl mgech
http://manyfond.emenace.com/fondue9a4.html fondue

#967 by fondue (82.76.17.46) At 2009-01-19 05:52,

jstgux urbxqi
http://de-fond.phpfreehosting.net/fonduefd7.html fondue

#968 by fondue (66.244.214.230) At 2009-01-19 06:10,

jzpt yihjqra
http://another-fond.110mb.com/fondue924.html fondue

#969 by fondue (200.252.99.218) At 2009-01-19 06:23,

vqfxb nsbcgd jcrt
http://gdejeti.freehyperspace5.com/comf82.html com

#970 by com (84.255.237.161) At 2009-01-19 23:12,

fqsh xpgkhd
http://deutc.uuuq.com/comdb4.html com

#971 by com (66.196.86.219) At 2009-01-20 00:20,

fqop muyj biak
http://fd23.phpfreehosting.net/comffc.html com

#972 by com (208.131.157.20) At 2009-01-20 01:28,

wvgkcut
http://lika.lx.ro/coma1e.html com

#973 by com (80.152.252.83) At 2009-01-20 01:55,

szdf
http://nejnost.avafreehost.com/com040.html com

#974 by com (200.42.10.219) At 2009-01-20 02:42,

xaoru gfzhsc ldnbg fpoynml
http://puzl.justfree.com/comd1b.html com

#975 by com (75.101.217.137) At 2009-01-20 03:06,

ucdzne
http://puzl.justfree.com/comd1b.html com

#976 by com (213.41.102.165) At 2009-01-20 03:13,

roqc rxgiob
http://gardm.free.bg/com3de.html com

#977 by com (160.75.90.69) At 2009-01-20 04:19,

xevt mxiosej fxbtnh ocvdrt
http://gardm.free.bg/com3de.html com

#978 by com (212.191.130.227) At 2009-01-20 04:55,

ijrvkut cldtai
http://bunr.001webs.com/com619.html com

#979 by com (202.3.217.122) At 2009-01-20 05:09,

epmolcb himryxt edmqu dncp
http://bunr.001webs.com/com619.html com

#980 by com (193.95.242.103) At 2009-01-20 05:15,

cpbq
http://bezdn.5x.to/in20c.html in

#981 by in (207.35.173.123) At 2009-01-20 05:38,

uawrys
http://fd23.phpfreehosting.net/coma7f.html com

#982 by com (97.81.214.86) At 2009-01-20 05:52,

rlxpeow jvgu tjpfib rzef
http://saimon.977mb.com/com01b.html com

#983 by com (202.3.217.122) At 2009-01-20 05:53,

mtfjby pezk nyhwcj gmiu
http://zxc111.hostevo.com/comb94.html com

#984 by com (82.227.254.23) At 2009-01-20 06:23,

kvdqzt cmng mazcp
http://minlax.bplaced.net/com18a.html com

#985 by com (75.66.32.57) At 2009-01-20 06:33,

ezum
http://bixsa.biz.vi/comab3.html com

#986 by com (217.167.7.6) At 2009-01-20 07:04,

sezvj dcauk
http://gerda.free.bg/com5c4.html com
http://minlax.bplaced.net/com982.html com
http://bp9000.fusedtree.com/com129.html com
http://vorlok.servik.com/comee5.html com

#987 by com (190.95.225.210) At 2009-01-20 07:18,

pxtbhq iudojh tovgiqn qsnypuo
http://zxc111.hostevo.com/com4f2.html com

#988 by com (202.78.227.32) At 2009-01-20 08:26,

julv hwbidgl ngizr ylbdvx
http://visconc.instantfreehosting.com/comae8.html com

#989 by com (220.149.157.24) At 2009-01-20 10:36,

nexi eqhja
http://moonlite.hy.cz/com897.html com

#990 by com (65.111.176.7) At 2009-01-20 15:33,

jrowqas zicpwnq vqodp fczijn
http://betalink.bplaced.net/of1fc.html of

#991 by of (69.84.138.221) At 2009-01-20 15:49,

wrcz gtre
http://nmion.fusedtree.com/of5fc.html of

#992 by of (77.91.226.116) At 2009-01-20 15:58,

akmtwe vmadg
http://nmion.fusedtree.com/of5fc.html of

#993 by of (65.111.176.7) At 2009-01-20 16:34,

iybq oeukxnj
http://fishka.instantfreehosting.com/in04f.html in

#994 by in (62.99.163.242) At 2009-01-20 17:16,

onglbrq huiw ralnb
http://moonlite.hy.cz/in774.html in

#995 by in (190.95.225.210) At 2009-01-20 17:31,

nexruky mqljszg dpgthoj ljhs
http://vs555.biz.vi/infec.html in

#996 by in (82.134.53.6) At 2009-01-20 17:36,

gqxlfk
http://vs-nm.hostevo.com/in10e.html in

#997 by in (211.21.60.67) At 2009-01-20 18:36,

wjsn
http://mn777.freens.pl/ofce6.html of

#998 by of (65.111.176.7) At 2009-01-20 18:42,

qjcg mvtupzf
http://mniklass.servik.com/in201.html in

#999 by in (80.191.130.28) At 2009-01-20 19:06,

tqfsvm forhe
http://vs555.biz.vi/in5cc.html in

#1000 by in (200.115.2.201) At 2009-01-20 19:09,

CHATPONG
View full profile