* Wolfgang Kluge
Good morning. I hope someone can help me with this:
I receive remote login attempts at 1-second intervals from the same IP address on our port 22. Port 22 is forwarded by the firewall (Sifoworks). The OS is openSUSE 11.0.
Is there a way to increase the time between a failed login attempt and the next possible login retry?

add to /etc/sysconfig/scripts/SuSEfirewall2-custom

    # Record every new connection (SYN) to port 22 in the "sshattack" list
    iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
    # Log sources that reach the hit count within 240 seconds
    iptables -A INPUT -p tcp --dport 22 --syn -m recent \
        --name sshattack --update --seconds 240 --hitcount 2 -j LOG \
        --log-prefix 'SSH attack: '
    # Reject those same sources
    iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
        --update --seconds 240 --hitcount 2 -j REJECT

rejects the third and following tries (--hitcount 2) for 240 seconds

-- 
Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711
http://wahoo.no-ip.org        Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535                    @ http://counter.li.org
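
An added example, not part of the original post: a shell function that summarises, per source address, the kernel log entries written by the LOG rule above (prefix 'SSH attack: '). The function names, the syslog layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: four LOG entries in syslog layout plus one unrelated
# sshd line. Host name and addresses are documentation values.
sample_log() {
cat <<'EOF'
Jan 12 08:15:01 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 08:15:02 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=51516 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 08:15:02 gw sshd[3111]: Failed password for root from 203.0.113.5 port 51514 ssh2
Jan 12 08:15:03 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4244 DF PROTO=TCP SPT=51518 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 08:16:40 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=911 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# ssh_attack_summary [FILE...]
# Reads syslog lines (stdin when no FILE is given) and prints one line per
# source address: "<hits> <source> <first seen> <last seen>", busiest first.
ssh_attack_summary() {
    awk '
    /SSH attack: / {
        # Pull the address out of the SRC= field of the LOG entry
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { src = substr($i, 5); break }
        if (src == "") next
        ts = $1 " " $2 " " $3            # syslog timestamp: month day time
        if (!(src in count)) first[src] = ts
        last[src] = ts
        count[src]++
    }
    END {
        for (s in count)
            printf "%d %s %s %s\n", count[s], s, first[s], last[s]
    }' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Run against the constructed sample; on a real system pass the log file
# that receives kernel messages instead.
sample_log | ssh_attack_summary
```
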