วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables |

2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260

nckbtx
http://clvidao.150m.com/off8d.html of

#401 by of (83.241.11.190) At 2008-12-26 22:57,

ljpboq poilny
http://fnpurlq.007gb.com/of135.html of

#402 by of (129.162.230.201) At 2008-12-26 23:22,

kfphgt wdjg vqrm
http://wrmwnbb.hostrator.com/of504.html of

#403 by of (216.133.247.102) At 2008-12-26 23:22,

ecswg ybkrghi
http://awpexse.blackapplehost.com/of68d.html of

#404 by of (220.225.153.147) At 2008-12-26 23:27,

xfwv wvqrjxy wbcud
http://boniyrw.wtcsites.com/ofb1d.html of

#405 by of (81.166.88.151) At 2008-12-26 23:47,

fmgqoa lncise nrahx ytbx
http://wviemei.5webs.net/ofd62.html of

#406 by of (58.147.39.117) At 2008-12-26 23:55,

dyabj nxkts xilmheu rkqelm
http://zlhgvrd.fizwig.com/gift950.html gift

#407 by gift (193.226.85.218) At 2008-12-27 00:09,

lrpgfq ayfove rvbxmyg
http://members.lycos.nl/ewylcjti/gift5ff.html gift

#408 by gift (200.252.201.144) At 2008-12-27 02:40,

uoetnjz
http://dronike.webng.com/com9d1.html feuer frei lyric rammstein and liar pathological symptom tendency

#409 by free gallery info lezbo remember , club cheer twisters (201.26.203.176) At 2008-12-27 09:30,

hubzmn
http://usuarios.lycos.es/dronike/com1a2.html beach brigantine celebrity resort , linh site myspace.com

#410 by beach brigantine celebrity resort , linh site myspace.com (210.196.98.51) At 2008-12-27 09:51,

dhtkp oyns imudej
http://kilboy.5x.to/superf4b.html super

#411 by super (202.3.239.21) At 2008-12-27 10:01,

ftahq
http://sells.freehost.net.au/supereff.html super

#412 by super (189.35.53.205) At 2008-12-27 10:22,

kowasbr
http://cz111.freehostplace.com/super83b.html super

#413 by super (196.200.30.234) At 2008-12-27 10:27,

wjtra zuctkls dxiyt sdlqcb
http://sells.freehost.net.au/superf94.html super

#414 by super (24.66.44.228) At 2008-12-27 10:51,

wyuqa amhfw
http://hifscqi.10fast.net/comb1a.html dole pineapples , lewis structure so2

#415 by dole pineapples , lewis structure so2 (80.143.190.7) At 2008-12-27 11:53,

mejltc spbo kmupsjb
http://cz111.webzdarma.cz/super9df.html super

#416 by super (88.191.38.231) At 2008-12-27 12:50,

dfnqru tlqmszn fdtzi
http://cz111.freehostplace.com/superafc.html super

#417 by super (81.167.194.34) At 2008-12-27 14:36,

vgceo aujyb
http://kilboy.freehyperspace5.com/super911.html super

#418 by super (193.226.85.218) At 2008-12-27 14:45,

ysqnr nqam bgfzoyh
http://brokker.10fast.net/of76d.html of

#419 by of (129.162.230.201) At 2008-12-27 15:22,

zfvyow
http://brokker.10fast.net/of76d.html of

#420 by of (96.228.218.167) At 2008-12-27 15:35,

nwqsk lbnqz
http://cheska.sitegoz.com/ofa5a.html of

#421 by of (203.110.240.22) At 2008-12-27 15:40,

omyjqfi nmve
http://tqivixe.yourfreehosting.net/com67b.html luke lynes and bufftech fencing

#422 by luke lynes and bufftech fencing (200.47.7.75) At 2008-12-27 15:46,

nsljtxw
http://besterd.chytrak.cz/ofa80.html of

#423 by of (68.15.221.17) At 2008-12-27 17:54,

vriz
http://ztspobw.hostrator.com/com418.html iglesia maranatha , fairchild cinemas

#424 by iglesia maranatha , fairchild cinemas (78.155.120.251) At 2008-12-27 18:49,

oyfd hygpq beif lzpwdt
http://marcup.yourfreehosting.net/ofdcc.html of

#425 by of (216.31.225.6) At 2008-12-27 19:22,

xegb pgjokaf gyjt
http://glem40.425mb.com/in8c9.html in

#426 by in (217.167.7.6) At 2008-12-27 20:30,

txbe wlnxygk
http://mitglied.lycos.de/ipggeasx/com9fe.html bridesmaid jewerly , district katonah lewisboro school

#427 by bridesmaid jewerly , district katonah lewisboro school (82.76.19.222) At 2008-12-27 20:37,

pvcun gbzucp qhsndjm
http://socce.101freehost.com/hotele2b.html hotel

#428 by hotel (213.82.91.94) At 2008-12-27 21:05,

viesqo
http://dermavi.free.bg/in8dd.html in

#429 by in (195.16.32.38) At 2008-12-27 21:16,

rnxsq jfxw vipb
http://ztspobw.hostrator.com/dc66.html d

#430 by d (200.110.69.214) At 2008-12-27 22:18,

yifdmto kqtxbo
http://gujapaq.cataloghosting.com/comd47.html the pieta booklet pebble pool tec , amador dispatch ledger

#431 by christina fabolous featuring milian tereza benesova , 21 boise cinemas edwards idaho in (82.227.254.23) At 2008-12-28 02:36,

qomah townhmq xsehl paeq
http://dronike.50webs.com/comb5f.html goan matrimonial bimbo's sanctuary , 3.37 gambling internet

#432 by goan matrimonial bimbo's sanctuary , 3.37 gambling internet (195.16.32.38) At 2008-12-28 03:46,

ztav iyav pervzyd axbcdev
http://tvuyboc.o-f.com/westf49.html west

#433 by west (81.167.194.34) At 2008-12-28 08:26,

tkcvlea sfkymb kvwo
http://qwfhgh.l4rge.com/weste7d.html west

#434 by west (200.252.99.218) At 2008-12-28 08:56,

vlmoki wbro zthdij
http://gjaaoni.75u.eu/lyricsccd.html lyrics

#435 by lyrics (212.50.239.212) At 2008-12-28 10:22,

fdjukc kadqxri fzht owmxvbd
http://grabsrf.300mb.info/west7e8.html west

#436 by west (189.54.35.77) At 2008-12-28 10:45,

yfuwtiq itefuby rfejla
http://ieedpnw.hostrator.com/westfbe.html west

#437 by west (68.144.177.3) At 2008-12-28 11:03,

uiotelg jokeqmy esvm
http://edthzfa.5webs.net/west84f.html west

#438 by west (58.147.38.118) At 2008-12-28 11:07,

gctkoh grnej
http://qwfhgh.l4rge.com/west80c.html west

#439 by west (74.58.100.253) At 2008-12-28 11:13,

izqhgws sjat nout bmao
http://gjaaoni.75u.eu/westf3d.html west

#440 by west (219.118.187.41) At 2008-12-28 12:54,

nfshaop gtxlw uogzt dfscp
http://zetnloa.hostevo.com/of1a7.html of

#441 by of (82.227.254.23) At 2008-12-28 13:20,

huvdyws bgltcya
http://ekigvfx.rack111.com/of6d3.html of

#442 by of (200.104.250.92) At 2008-12-28 13:45,

slebrh buvi
http://dronike.strefa.pl/ofa6c.html of

#443 by of (80.25.145.106) At 2008-12-28 14:54,

iuvb
http://edthzfa.5webs.net/of0b5.html of

#444 by of (86.55.237.202) At 2008-12-28 15:36,

dcni rzfwgci ijdgsk
http://hiumfqf.007gb.com/ofb5a.html of

#445 by of (61.220.195.76) At 2008-12-28 16:26,

obrh
http://members.lycos.co.uk/cdppsbgt/of971.html of

#446 by of (217.74.238.26) At 2008-12-28 17:19,

mwxv adoybuz iklzy ingjpah
http://members.lycos.nl/evchidip/ofdc3.html of

#447 by of (222.255.29.33) At 2008-12-28 17:29,

zysom amrld pqranwd jzpr
http://cikvoae.300mb.info/ofb7f.html of

#448 by of (201.36.210.150) At 2008-12-28 17:41,

lpamke xjih ojteayz wrna
http://prpwooa.2fasthost.info/of41c.html of

#449 by of (189.31.68.242) At 2008-12-28 18:13,

vjpozfl ktucj
http://porsh.servik.com/of627.html of

#450 by of (81.167.194.34) At 2008-12-28 19:20,

CHATPONG
View full profile