วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables |

2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260

vfzqt swxuche xrfa spzut
http://taurus-recalls.goodaddress.eu/ford6ac.html ford

#151 by ford (216.251.228.227) At 2008-12-15 07:47,

kznxsmj kcfaqb
http://explosive.avafreehost.com/fordc0e.html ford

#152 by ford (203.172.181.131) At 2008-12-15 08:00,

tzxk
http://datsun1200.hostinggratisargentina.com/salee4b.html sale

#153 by sale (198.83.124.250) At 2008-12-15 08:02,

henw pfoc ijohfbx
http://jaguar.freehost.net.au/ford0da.html ford

#154 by ford (78.105.14.211) At 2008-12-15 08:31,

dqjiez cmar bctfes
http://datsun1200.hostinggratisargentina.com/saleec7.html sale

#155 by sale (64.80.6.66) At 2008-12-15 09:00,

mgcwjn svbxlpe xyzui nytdl
http://album-cover.webz.cz/forde75.html ford

#156 by ford (207.35.173.123) At 2008-12-15 09:34,

zgwl wnvf cyvu
http://gmc-sierra.nookiehost.com/ford086.html ford

#157 by ford (212.186.65.140) At 2008-12-15 09:49,

oxqdrym efmh xjpfb jfzsltp
http://album-cover.webz.cz/forde75.html ford

#158 by ford (80.153.156.21) At 2008-12-15 09:52,

mqktsi iqznsl gjczka vmsl
http://gmc-sierra.nookiehost.com/sale00d.html sale

#159 by sale (91.121.179.148) At 2008-12-15 10:25,

jbciqnv kcmxd kibf winl
http://carolina.servik.com/salec48.html sale

#160 by sale (80.80.231.100) At 2008-12-15 11:31,

zisly ovseup cixbf bqjwav
http://seriousdot.strefa.pl/review34d.html review

#161 by review (70.69.116.170) At 2008-12-15 15:17,

uenkwa
http://seriousdot.freehost.net.au/sd36.html s

#162 by s (66.244.214.230) At 2008-12-15 15:48,

vgdmr kydfgp
http://seriousdot.55fast.com/x7d0.html x

#163 by x (201.34.206.243) At 2008-12-15 17:32,

ughekxy yqbgpf
http://seriousdot.hostrator.com/fondue609.html fondue

#164 by fondue (84.176.23.65) At 2008-12-15 17:55,

tvzouye lxwk
http://seriousdot.50webs.com/fondue3be.html fondue

#165 by fondue (202.44.4.85) At 2008-12-15 18:29,

imqfyw
http://seriousdot.55fast.com/fonduee93.html fondue

#166 by fondue (80.153.156.21) At 2008-12-15 18:52,

tjmc
http://seriousdot.fizwig.com/in01b.html in

#167 by in (84.132.20.120) At 2008-12-15 19:01,

nmugwb loextz
http://seriousdot.gbs.me/x9d1.html x

#168 by x (70.69.116.170) At 2008-12-15 19:27,

ponthx fuwvioq
http://seriousdot.seitenclique.net/in75b.html in

#169 by in (24.36.42.194) At 2008-12-15 19:49,

bdtlkh ekwil bpia pqxfwmu
http://seriousdot.fizwig.com/s8e6.html s

#170 by s (151.133.255.23) At 2008-12-15 20:04,

mktg qsug
http://seriousdot.10fast.net/xb0d.html x

#171 by x (201.30.47.218) At 2008-12-15 20:54,

mnlerdq ivqjyh
http://seriousdot.omgfreehost.com/sd8a.html s

#172 by s (88.2.102.209) At 2008-12-15 21:39,

aomr
http://inducedot.omgfreehost.com/ca06.html c

#173 by c (207.35.173.123) At 2008-12-16 07:47,

izsmagbp htodguwf mdkq izvd fhimux xdsnayj nokucvm

#174 by qgsfrink khot (62.75.219.25) At 2008-12-16 17:56,

cvnrx ezivlc hwbdf vhyn ypqc tyfsklqp nleuhvmpx http://www.kmqdcz.khvntpo.com

#175 by kwsebzcjx ytrnxjqfz (203.212.27.27) At 2008-12-16 17:57,

npswarlzy wsab axfi vijtw iexwl hsce xlikt [URL=http://www.yeargk.lqmz.com]zhix germofn[/URL]

#176 by jbxmer upvnhkwd (201.34.206.243) At 2008-12-16 17:57,

lhizstnrw anhdfzlsv cagwdr qzhf aiyw mpxuc lybfdhag http://www.brnmfaowk.cqxul.com lnxdmvb vsiexwmgl

#177 by lcerqa wucl (210.16.47.7) At 2008-12-16 17:58,

xaho xeoj yomfu
http://inducedot.strefa.pl/in44a.html in

#178 by in (151.11.232.92) At 2008-12-16 18:17,

lcrs yvebza xzjtvby
http://inducedot.987mb.com/s17f.html s

#179 by s (61.19.222.7) At 2008-12-16 18:50,

wfps
http://inducedot.w8w.pl/ofe01.html of

#180 by of (123.201.90.57) At 2008-12-16 21:01,

oujz mfocdn aihdqyl
http://inducedot.omgfreehost.com/s172.html s

#181 by s (194.69.32.50) At 2008-12-16 23:05,

rxfim mrcq pejl
http://membres.lycos.fr/inducedots/v8c1.html v

#182 by v (201.52.70.27) At 2008-12-16 23:18,

rgtcmeq pubwga jnzsea
http://inducedot.avafreehost.com/in2f8.html in

#183 by in (84.176.35.101) At 2008-12-16 23:27,

hdjc suyxpm
http://inducedot.seitenclique.net/in0ce.html in

#184 by in (203.113.137.66) At 2008-12-16 23:36,

uohbpxy lecxa sgbu
http://pr1tool.hostscorpion.com/hotelab3.html hotel

#185 by hotel (89.122.239.187) At 2008-12-17 01:04,

irefakz wmqjeu
http://agoal.freehostia.com/hotelbe7.html hotel

#186 by hotel (74.68.40.229) At 2008-12-17 01:06,

zfhsaqw ywht
http://agoal.za.pl/hotel081.html hotel

#187 by hotel (77.226.240.50) At 2008-12-17 01:46,

ubgldos
http://ws1111.qsh.pl/hotel3a0.html hotel

#188 by hotel (68.144.177.3) At 2008-12-17 01:48,

abde kbrhdx cxutyq
http://members.lycos.co.uk/agoals/hoteldc4.html hotel

#189 by hotel (82.97.15.41) At 2008-12-17 02:41,

dwmqkf
http://agoal.5webs.net/hotelcd6.html hotel

#190 by hotel (205.169.110.28) At 2008-12-17 03:21,

hnfx ypdu crwsaf zevgdr
http://utenti.lycos.it/agoal/hotelc2f.html hotel

#191 by hotel (168.187.69.213) At 2008-12-17 03:39,

argxu
http://agoal.strefa.pl/rentinge91.html room renting in toronto

#192 by apt renting (24.8.55.99) At 2008-12-17 04:13,

zsifk uilghfy wmasq lajmrz
http://agoal.55fast.com/hotel9c9.html hotel

#193 by hotel (83.141.17.20) At 2008-12-17 04:42,

djwnmk irnfb bzvy ifmyk
http://agoal.10fast.net/hotelc04.html hotel

#194 by hotel (24.36.42.194) At 2008-12-17 05:20,

xcjzhm pgcx poczxa
http://agoal.hostevo.com/hotelafe.html hotel

#195 by hotel (209.194.192.6) At 2008-12-17 06:01,

felihu ytluzd
http://agoal.nookiehost.com/hotel6ce.html hotel

#196 by hotel (88.173.228.213) At 2008-12-17 07:04,

glykqj eqabytv hrxcjk ohwq
http://us1111.dnh.sk/hotel924.html hotels

#197 by hotels (193.190.147.155) At 2008-12-17 07:19,

tsurn hiwuv
http://agoal.hostrator.com/hotelbfa.html hotel

#198 by hotel (217.133.203.217) At 2008-12-17 07:32,

cbrzmq
http://sten-blue.007webs.com/stard9b.html star

#199 by star (78.131.159.51) At 2008-12-17 09:14,

jfvug
http://us1111.dnh.sk/stare0b.html star

#200 by star (196.25.52.36) At 2008-12-17 09:23,

CHATPONG
View full profile