SSH brute force China and Linux: best practices

Joel Jaeggli joelja at bogus.com
Sat Jan 30 17:35:31 UTC 2010


iptables -A INPUT -m recent --update --seconds 60 --hitcount 5 --name
SSH --rsource -j DROP
iptables -A INPUT -m recent --set --name SSH --rsource -j ACCEPT

also enforce either strong passwords or require no passwords (e.g. keys
only) and everything should be cool.

Bobby Mac wrote:
> Hola Nanog:
> 
> So after many years of a hiatus from Linux,  I recently dropped XP in favour
> of Fedora.  Now that my happy windows blinders are off, I see alarming
> things.  Ugly ssh brute force, DNS server IP spoofing with scans and typical
> script kiddie tactics.
> 
> What are the new set of best practices for those running a NIX home
> computer.  Yes I have a firewall and I do peruse my logs on a regular
> basis.
> 
> BTW: ever drop a malformed  URL to alert an admin to some thing that sucks?
> w3.hp.com/execs/makes/too/much/money or
> www.yourbuddiesdomain.com/it/is/all/rfc/space/use/1918/when/referring/to/non/routable
> 
> Thanks,
> BobbyMac
> 




More information about the NANOG mailing list