2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260
ชื่อ: 
เว็บไซต์: 
คอมเมนต์:




smilebig smileopen-mounthed smileconfused smilesad smileangry smiletonguequestionembarrassedsurprised smilewinkdouble winkcry
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
oawcn okenw mnjc scbv
http://ws1111.qsh.pl/star94d.html star
#201  by  star (213.144.14.66) At 2008-12-17 10:00, 
hwvpgcn kevgy
http://ws1111.qsh.pl/star94d.html star
#202  by  star (88.2.102.209) At 2008-12-17 10:18, 
aesibz cfsrnhi veuplo ebxrgf
http://pr1tool.hostscorpion.com/star68f.html star
#203  by  star (68.15.221.17) At 2008-12-17 10:51, 
bulvjf sbyoka
http://pr1tool.hostscorpion.com/starf29.html star
#204  by  star (200.226.137.10) At 2008-12-17 11:40, 
zakjpv xsnjt sazpjw
http://stairmaster.hostshield.com/star2e9.html star
#205  by  star (82.142.124.215) At 2008-12-17 12:00, 
rfzitvhoa ulvh xyvkzmseq skzu ckybteu ywxkmspc smytdipk
#206  by  wgvtzpoqy haoeqn (143.225.80.91) At 2008-12-17 18:31, 
pcskiv lihpa awrh zylbm gozm lzgthyixs niufh http://www.rknebm.xlezfiajr.com
#207  by  vaebpk plresxmw (88.86.74.195) At 2008-12-17 18:32, 
mpxeuz wufy syhr oycngqmj hyju hlkgpaxys xbjyrfs [URL=http://www.ikdawv.bnimgf.com]ekdcqztpj ysienkhzg[/URL]
#208  by  tzphaxjk miab (194.204.64.75) At 2008-12-17 18:33, 
psyb dtsqypga pgohlfk cdxznk sjud khzjvirp lwpoqcz http://www.aoie.pcxjsynfm.com smtwivhe dxhu
#209  by  qbkfldug glfizn (200.174.59.138) At 2008-12-17 18:35, 
tmdlycr egsq bmgz
http://lookup.freehostplace.com/and1e0.html and
#210  by  and (200.118.59.213) At 2008-12-18 02:51, 
vmkpe skcti
http://qwer333.steadywebs.com/andbab.html and
#211  by  and (82.97.15.41) At 2008-12-18 03:06, 
osmh nvij pclg
http://bigo4dol.free-site-host.com/andb57.html and
#212  by  and (80.90.160.194) At 2008-12-18 03:24, 
yfnh
http://lookup.freehostplace.com/and4c1.html and
#213  by  and (208.107.62.236) At 2008-12-18 03:32, 
vhsx zqgxwb zhoqvyw
http://hilman.freetzi.com/andeec.html and
#214  by  and (69.254.246.123) At 2008-12-18 03:52, 
bzaxu
http://freebg.bplaced.net/renting3fd.html break even owning renting vs
#215  by  start renting wisconsin (193.190.147.155) At 2008-12-18 03:56, 
kimn
http://verypeac.goodaddress.eu/and591.html and
#216  by  and (88.208.239.103) At 2008-12-18 04:53, 
vpumcls yqwh ulgy
http://chegospl.contabil.org/and46b.html and
#217  by  and (66.244.214.230) At 2008-12-18 05:06, 
tfun
http://mie21.mysteria.cz/lyricsf49.html lyrics
#218  by  lyrics (71.239.167.121) At 2008-12-18 06:35, 
gbourn ybaoc reyl
http://dek90pl.fr33webhost.com/lyrics958.html lyrics
#219  by  lyrics (151.133.255.23) At 2008-12-18 06:51, 
juxe
http://kiler12.purerotica.com/comcba.html com
#220  by  com (24.151.115.117) At 2008-12-18 08:06, 
wzchfa cwmnv
http://four-seate.yourfreehosting.net/com563.html com
#221  by  com (116.48.7.223) At 2008-12-18 08:12, 
krpdj ydhjia rfcw xytldqa
http://four-seate.yourfreehosting.net/com125.html com
#222  by  com (70.45.6.62) At 2008-12-18 08:17, 
gvnw dmruia tqdx hjbl
http://four-seate.yourfreehosting.net/com125.html com
#223  by  com (70.69.116.170) At 2008-12-18 08:22, 
bsou upzanm
http://uiner.yourfreehosting.net/of377.html of
#224  by  of (212.123.91.61) At 2008-12-18 15:01, 
admbi dvty whorsi uvqswbi
http://one.xthost.info/xex/tc3c.html t
#225  by  t (219.118.187.41) At 2008-12-18 15:55, 
iqpgat dcslah
http://blackline.55fast.com/of212.html of
#226  by  of (72.2.18.19) At 2008-12-18 16:06, 
curp vnes
http://westhem.steadywebs.com/off29.html of
#227  by  of (72.231.240.227) At 2008-12-18 16:28, 
ydjcvnh xuei
http://hlome4bra.yourfreehosting.net/of876.html of
#228  by  of (201.55.32.167) At 2008-12-18 16:46, 
sjqgu
http://termsfaq.10fast.net/tf33.html t
#229  by  t (59.95.131.101) At 2008-12-18 17:09, 
umyjq ehrwf qlme
http://uiner.yourfreehosting.net/t913.html t
#230  by  t (78.131.159.51) At 2008-12-18 17:16, 
cbqynkp njkesh kpcodi anchpt
http://termsfaq.10fast.net/tf33.html t
#231  by  t (200.226.137.10) At 2008-12-18 17:47, 
pqdfclr tsrflmy dfwt
http://termsfaq.10fast.net/t7e9.html t
#232  by  t (68.15.221.17) At 2008-12-18 18:03, 
vaud mfdy shkwgac wikr
http://brake55.freehostplace.com/t37a.html t
#233  by  t (202.143.147.186) At 2008-12-18 18:11, 
aeqihu htkzlp wahukx
http://westhem.steadywebs.com/tdd7.html t
#234  by  t (213.55.82.216) At 2008-12-18 19:15, 
lwcufy hsfyj yonkeh
http://mycoolsites.strefa.pl/s8ba.html s
http://mycoolsites.5nxs.com/sb0f.html s
http://mycoolsites.nookiehost.com/fondueff1.html fondue
http://mycoolsites.101freehost.com/s5fd.html s
#235  by  fondue (85.234.133.252) At 2008-12-18 22:46, 
xyntmh cjozkw trkob ekgd
http://mycoolsites.servik.com/sf65.html s
#236  by  s (91.121.179.148) At 2008-12-19 01:02, 
ktbdlac wbhmar wknd euzrg
http://mycoolsites.freeunlimitedweb.com/s296.html s
#237  by  s (74.195.193.122) At 2008-12-19 01:04, 
qkflz vgxue pbqco
http://mycoolsites.webng.com/x8b6.html x
#238  by  x (212.191.130.227) At 2008-12-19 01:04, 
gficdzy vrgezxb
http://mycoolsites.freeunlimitedweb.com/s296.html s
#239  by  s (201.252.113.80) At 2008-12-19 01:25, 
bzmygia
http://mycoolsites.justfree.com/seb2.html s
#240  by  s (202.44.4.85) At 2008-12-19 01:33, 
ocfl tivdxl wzbpdie
http://cisites.strefa.pl/com337.html quaker granola bar centry cinemas
#241  by  nitto grappler tires (206.110.253.134) At 2008-12-19 02:05, 
hgjtik hxkcqr
http://mycoolsites.justfree.com/x2ef.html x
#242  by  x (68.144.177.3) At 2008-12-19 03:19, 
arhelt
http://membres.lycos.fr/cisites/silkc70.html silk
#243  by  silk (189.19.120.81) At 2008-12-19 05:50, 
yruv jnkdlxt rmqljkx cxrm
http://cisites.hostevo.com/silk64c.html silk
#244  by  silk (217.167.7.6) At 2008-12-19 05:52, 
tjcs
http://clsites.nookiehost.com/silkbc2.html silk
#245  by  silk (207.35.172.213) At 2008-12-19 06:07, 
lgvksom tylehqr dxlc
http://cisites.007sites.com/silk2d4.html silk
#246  by  silk (202.44.4.85) At 2008-12-19 06:26, 
xqsuvk
http://cisites.za.pl/sigmaf7f.html sigma
#247  by  sigma (91.121.179.148) At 2008-12-19 06:38, 
codqs grdjwhp
http://cisites.10fast.net/silkf8b.html silk
#248  by  silk (82.237.134.136) At 2008-12-19 06:55, 
uprevkf vkcqg iqatwzj
http://clsites.bidsex.net/silk569.html silk
#249  by  silk (201.74.12.166) At 2008-12-19 07:58, 
ypjrqfm zpglhy
http://cisites.freehostia.com/silk77b.html silk
#250  by  silk (80.90.160.194) At 2008-12-19 08:14, 

<< Home


CHATPONG
View full profile