Iptables SSH Bruteforce
There are many ways to secure your SSH connections, but here is something applied on top of the SSH protocol: a firewall using iptables. This came up recently due to a brute force attack on one of my servers that has been going on continuously for more than a month.
I get these kinds of reports almost every day.
Jul 30 01:31:49 methylacidiphilum sshd[5920]: Received disconnect from 190.186.50.31: 11: Bye Bye
Jul 30 01:31:52 methylacidiphilum sshd[5921]: reverse mapping checking getaddrinfo for static-ip-adsl-190.186.50.31.cotas.com.bo [190.186.50.31] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 30 01:31:53 methylacidiphilum sshd[5922]: Received disconnect from 190.186.50.31: 11: Bye Bye
Jul 30 01:31:56 methylacidiphilum sshd[5923]: reverse mapping checking getaddrinfo for static-ip-adsl-190.186.50.31.cotas.com.bo [190.186.50.31] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 30 01:31:57 methylacidiphilum sshd[5924]: Received disconnect from 190.186.50.31: 11: Bye Bye
Actually I'm not concerned about SSH attacks, because the only way to get in is via an encrypted cert. But who is not air* when the reports generated every day are about nothing but SSH attacks?
Well, after googling it, the key feature is just the hit_count, which I got from here.
*"who is not air" is a direct translation of the Malay "siapa tak angin", which means "who ain't mad".
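The post names hit_count but does not show the rules, so here is an added example (not the author's own rules) of one common way to apply it with the iptables recent match, where the option is spelled --hitcount. The chain name, list name, port 22, 60-second window and limit of 4 are assumptions; adjust them to your server.

```shell
#!/bin/sh
# Added example: throttle NEW SSH connections per source IP using the
# iptables "recent" match. All names and thresholds are assumed values.
# Dry run by default (prints the commands); as root, run with
# IPT=iptables to actually install the rules.
IPT="${IPT:-echo iptables}"

ssh_ratelimit() {
    port="${1:-22}"      # SSH port (assumed)
    seconds="${2:-60}"   # look-back window in seconds (assumed)
    hits="${3:-4}"       # the Nth NEW connection inside the window is dropped (assumed)
    chain="SSH_LIMIT"    # dedicated chain name (assumed)
    list="SSH"           # name of the recent list (assumed)

    # Dedicated chain so the throttle is easy to inspect and remove.
    $IPT -N "$chain"

    # Record the source address of every new SSH connection.
    $IPT -A "$chain" -m recent --name "$list" --set

    # Drop when this source has reached $hits new connections within
    # $seconds. --update refreshes the timestamp on every dropped
    # attempt, so a client that keeps hammering stays blocked.
    $IPT -A "$chain" -m recent --name "$list" \
        --update --seconds "$seconds" --hitcount "$hits" -j DROP

    # Anything under the limit falls off the end of the chain and returns
    # to INPUT, where your existing rule for SSH decides as before.
    # Insert the jump at the top of INPUT so it runs before any ACCEPT.
    # Only NEW connections are counted; established sessions are untouched.
    $IPT -I INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j "$chain"
}

ssh_ratelimit "$@"
```

Once applied, the tracked addresses and their timestamps can be read from /proc/net/xt_recent/SSH.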