[opensuse-security] Minimum time intervall for log-in re-tries
Good morning. I hope someone could help me in this: I receive remote login attempts in 1 second intervals from the same IP address to our port 22. Port 22 is forwarded by the firewall ( Sifoworks ). OS is openSUSE 11.0 Is there a way to increase the time between a failed login attempt and the next possible login re-try ? Regards Wolfgang Kluge -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
* Wolfgang Kluge <wkluge@kb-labuan.com> [10-18-09 23:25]:
Good morning. I hope someone could help me in this:
I receive remote login attempts in 1 second intervals from the same IP address to our port 22. Port 22 is forwarded by the firewall ( Sifoworks ). OS is openSUSE 11.0
Is there a way to increase the time between a failed login attempt and the next possible login re-try ?
add to /etc/sysconfig/scripts/SuSEfirewall2-custom iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set iptables -A INPUT -p tcp --dport 22 --syn -m recent |\ --name sshattack -update --seconds 240 --hitcount 2 -j LOG |\ --log-prefix 'SSH attack: ' iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack |\ --update --seconds 240 --hitcount 2 -j REJECT rejects the third and following trys ( --hitcount 2) for 240 seconds -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Hi Wolfgang, SuSEfirewall2 (config file /etc/sysconfig/SuSEfirewall2) already has an option for this: FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh" This blocks requests for 60 seconds after the third attempt. Greetings, Ralf Wolfgang Kluge schrieb:
Good morning. I hope someone could help me in this:
I receive remote login attempts in 1 second intervals from the same IP address to our port 22. Port 22 is forwarded by the firewall ( Sifoworks ). OS is openSUSE 11.0
Is there a way to increase the time between a failed login attempt and the next possible login re-try ?
Regards Wolfgang Kluge
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
I am using fail2ban from the pacman repository in order to keep control of brute force attacks (both on sshd and httpd). It's not the magic bullet but it gets the job done. Regards Bujdoso Sandor On Mon, 19 Oct 2009, Wolfgang Kluge wrote:
Good morning. I hope someone could help me in this:
I receive remote login attempts in 1 second intervals from the same IP address to our port 22. Port 22 is forwarded by the firewall ( Sifoworks ). OS is openSUSE 11.0
Is there a way to increase the time between a failed login attempt and the next possible login re-try ?
Regards Wolfgang Kluge
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (4)
-
Patrick Shanahan -
Ralf Ronneburger -
sanyi -
Wolfgang Kluge