Wednesday, February 22, 2006

Preventing SSH Dictionary Attacks


One good way of Preventing SSH Attacks :


I have the following lines in my iptables config:

#iptables -N SSH_CHECK
#iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
#iptables -A SSH_CHECK -m state --state NEW -m recent --set --name SSH
#iptables -A SSH_CHECK -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH
#iptables -A SSH_CHECK -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name SSH -j DROP

which basically Kick-Bans the source IP for 60 seconds if more than 3 connections are attempted in a 60 second limit.

I've found this to be 100% effective.

Vi Editor --- Adding a Word at the Beginning and Ending of all lines in a File

To add a word at the end of all lines in a file :

:%s/$/LastWord /g


To add a word at the beginning of all lines in a file:

:%s/^/FirstWord /g