iptables and bruteforce

Postby user00265 » Thu Apr 26, 2012 12:09 am

Hello,

For a while now I've been fighting off what many of us need to fight off: bruteforce attacks on various services, in this case ssh, imap and smtp. I have tried tools like fail2ban and similar, but only one (whose name escapes me) actually worked, but running it was cumbersome (runs properly only via FIFOs and backgrounding it with the shell jobserver). Then, while looking for an alternative, I found iptables' recent module. I have it set for 3 attempts on NEW connections in 1 minute to block for 1 hour, which works fine (I have my IP whitelisted).

Here comes the issue... I've been getting hit so much that now I've seen dmesg print out that the table is full and it's dumping old entries, repeatedly sometimes. I am wondering if there is a better solution that works as smoothly as iptables' recent module? I'm open to suggestions; these automated bots are becoming a nuisance.
Elisamuel Resto
Simply Sam, LLC
user00265
 
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
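
The setup described in the post above (3 NEW connections in 1 minute, block for 1 hour, own IP whitelisted), written out as an added example for SSH. It is not the poster's actual rule set; the chain names, list names and the whitelisted address are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Rate-limits NEW SSH connections with the
# iptables "recent" module: the 3rd attempt from one source inside 60 s bans
# that source for 1 hour. SSH_BF, SSH_BAN, ssh_try and ssh_ban are made-up names.
#
# Each recent list holds a bounded number of source addresses (xt_recent module
# parameter ip_list_tot, default 100). When a list is full the oldest entry is
# replaced, so the size has to be chosen at module load for the traffic seen.
#
# Set IPT to a printing wrapper for a dry run; it defaults to the real iptables.

ssh_bruteforce_rules() {
    allow_ip=$1                 # source address that is never rate-limited
    ipt=${IPT:-iptables}

    # Dedicated chains, so the policy can be flushed or removed as a unit.
    $ipt -N SSH_BF  || return 1
    $ipt -N SSH_BAN || return 1

    # Only connection-opening packets are counted; established sessions are untouched.
    $ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_BF || return 1

    # 1. The whitelisted source skips every check below.
    $ipt -A SSH_BF -s "$allow_ip" -j RETURN || return 1

    # 2. A source banned within the last hour stays dropped. --rcheck does not
    #    refresh the timestamp, so the ban ends 3600 s after it was set.
    $ipt -A SSH_BF -m recent --name ssh_ban --rcheck --seconds 3600 -j DROP || return 1

    # 3. Record this attempt (no target: the rule only updates the list).
    $ipt -A SSH_BF -m recent --name ssh_try --set || return 1

    # 4. Three recorded attempts inside 60 s: hand the packet to the ban chain.
    $ipt -A SSH_BF -m recent --name ssh_try --rcheck --seconds 60 --hitcount 3 \
        -j SSH_BAN || return 1

    # 5. Ban chain: remember the source in the ban list and drop the packet.
    $ipt -A SSH_BAN -m recent --name ssh_ban --set -j DROP || return 1
}
```

Run as root as `ssh_bruteforce_rules 203.0.113.10`, replacing the documentation address with the admin's own IP.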

Re: iptables and bruteforce

Postby Seth » Thu Apr 26, 2012 3:00 pm

I use Fail2Ban for the few things that need it. For SSH I actually disable passwords completely and use keys only. The scanning bots don't handle that and seem to leave me alone. The only downside to using keys only is that you have to set up all your devices with keypairs ahead of time, but that's never been a problem for me since I don't ssh in from things that aren't mine or aren't trusted.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
 
Posts: 265
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada

