iptables and bruteforce

user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN

iptables and bruteforce

Post by user00265 »

Hello,

For a while now I've been fighting off what many of us need to fight off: bruteforce attacks to various services, in this case ssh, imap and smtp. I have tried tools like fail2ban and similar, but only one (whose name escapes me) actually worked, but running it was cumbersome (runs properly only via FIFOs and backgrounding it with the shell jobserver). Then, while looking for an alternative, I found iptables' recent module. I have it set for 3 attempts on NEW connections in 1 minute to block for 1 hour, which works fine (I have my IP whitelisted).

Here comes the issue... I've been getting hit so much that now I've seen dmesg print out that the table is full and it's dumping old entries, repeatedly sometimes. I am wondering if there is a better solution that works as smoothly as iptables' recent module? I'm open to suggestions; these automated bots are becoming a nuisance.
Elisamuel Resto
Simply Sam, LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada

Re: iptables and bruteforce

Post by Seth »

I use Fail2Ban for the few things that need it. For SSH I actually disable passwords completely and use keys only. The scanning bots don't handle that and seem to leave me alone. The only downside to using keys only is that you have to set up all your devices with keypairs ahead of time, but that's never been a problem for me since I don't ssh in from things that aren't mine or aren't trusted.
Seth Mattinen, Roller Network LLC
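
The keys-only setup described in the reply above can be checked against a server's effective configuration. This is an added example, not part of either post: it assumes input in the `keyword value` format printed by `sshd -T`, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that sshd accepts public keys only.
# Input on stdin is `sshd -T` output: one lowercase "keyword value" per line.

# Print the value of keyword $1 from the config text held in $cfg.
sshd_value() {
    printf '%s\n' "$cfg" | awk -v key="$1" '$1 == key { print $2; exit }'
}

# Exit status 0 if only key logins are possible; prints one line per check.
keys_only_check() {
    cfg=$(cat)
    rc=0
    pw=$(sshd_value passwordauthentication)
    kbd=$(sshd_value kbdinteractiveauthentication)
    # Older OpenSSH releases print the option under its former name.
    [ -n "$kbd" ] || kbd=$(sshd_value challengeresponseauthentication)
    pk=$(sshd_value pubkeyauthentication)

    if [ "$pw" = no ]; then echo "ok   passwordauthentication no"
    else echo "FAIL passwordauthentication is '${pw:-unset}', want no"; rc=1; fi
    # With PAM, keyboard-interactive can still prompt for the account password.
    if [ "$kbd" = no ]; then echo "ok   keyboard-interactive disabled"
    else echo "FAIL keyboard-interactive is '${kbd:-unset}', want no"; rc=1; fi
    # Keys must work before passwords go away, or the admin is locked out.
    if [ "$pk" = yes ]; then echo "ok   pubkeyauthentication yes"
    else echo "FAIL pubkeyauthentication is '${pk:-unset}', want yes"; rc=1; fi
    return "$rc"
}

# Constructed samples in `sshd -T` format (not captured from a real host).
SAMPLE_WEAK='port 22
usepam yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes'

SAMPLE_HARDENED='port 22
usepam yes
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

for name in WEAK HARDENED; do
    eval "sample=\$SAMPLE_$name"
    echo "== $name"
    printf '%s\n' "$sample" | keys_only_check || echo "-> not keys-only"
done
```

On a live host, pipe the output of `sshd -T` (run as root) into `keys_only_check` instead of the samples.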