Author Topic: Dictionary Attacks on SSH  (Read 2590 times)

Dictionary Attacks on SSH
« on: 28. April 2012., 22:21:43 »
So how do you handle dictionary attacks?

Until recently, I used automatic scripts to ban sources. Scripts are too slow. So why can't we just build a simple rule set for the firewall? Perhaps like this:

Code:
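# Dedicated chain for new SSH connections
iptables -N SSH_BAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_BAN
# Record the source address in the "SSH" list
iptables -A SSH_BAN -m recent --set --name SSH
# Drop a source seen 4 or more times within 60 seconds
iptables -A SSH_BAN -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

# Persist the rules across reboots
iptables-save > /etc/sysconfig/iptables

/sbin/service iptables save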

The result:

Code:
[root@bench ~]# iptables -L -v
Chain INPUT (policy ACCEPT 374M packets, 106G bytes)
 pkts bytes target     prot opt in     out     source               destination
 176K   10M SSH_BAN    tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh state NEW

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 274M packets, 395G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain SSH_BAN (1 references)
 pkts bytes target     prot opt in     out     source               destination
 176K   10M            all  --  any    any     anywhere             anywhere            recent: SET name: SSH side: source
 164K 9812K DROP       all  --  any    any     anywhere             anywhere            recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source
[root@bench ~]#

Works for me. :)
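
An added example, not part of the original post: a simplified Python model of how the two `recent` rules above treat NEW packets to port 22, useful for checking who a 60-second/4-hit limit locks out and for how long. The addresses and timestamps are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter, defaultdict

SCANNER, ADMIN = "203.0.113.7", "198.51.100.20"   # constructed documentation addresses

# Constructed sample: (seconds, source) of each NEW SYN to tcp/22.
EVENTS = sorted(
    [(t, SCANNER) for t in range(30)]                      # one attempt per second
    + [(t, ADMIN) for t in (5, 6, 7, 8, 40, 50, 70, 131)]  # scripted burst, then retries
)

def ssh_ban_verdicts(events, seconds=60, hitcount=4):
    """Model the SSH_BAN chain: --set, then --update --seconds/--hitcount -j DROP."""
    stamps = defaultdict(list)            # the "SSH" list: source -> recent timestamps
    verdicts = []
    for now, src in events:               # events must be in time order
        seen = stamps[src]
        seen.append(now)                  # rule 1: --set records this packet
        # Stamps older than the window can never count again, so discard them.
        seen[:] = [t for t in seen if now - t <= seconds]
        if len(seen) >= hitcount:         # rule 2 matches
            seen.append(now)              # --update stamps the entry again on a match
            verdicts.append((now, src, "DROP"))
        else:                             # no match: packet returns to INPUT (policy ACCEPT)
            verdicts.append((now, src, "ACCEPT"))
    return verdicts

def accepted_by_source(verdicts):
    """Count how many new connections each source got through."""
    return dict(Counter(src for _, src, v in verdicts if v == "ACCEPT"))

if __name__ == "__main__":
    result = ssh_ban_verdicts(EVENTS)
    for now, src, verdict in result:
        if src == ADMIN:
            print(f"t={now:>3}s {src} {verdict}")
    print(accepted_by_source(result))
```

In this model the fourth connection inside 60 seconds is dropped, and every dropped retry adds fresh stamps, so the admin's retries at 40 s, 50 s and 70 s keep the block alive until the source stays quiet for a full window.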


Re: Dictionary Attacks on SSH
« Reply #1 on: 29. April 2012., 20:23:07 »
Nice work Mike. :thumbsup:

A few additional details about "Dictionary attacks" for SCF members from Wikipedia:


In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.


... and one, just for "figure out", YT video:

