15 Nov 2011, 10:14 a.m.

On Tue, 1 Nov 2011 05:03:56 PM Roger wrote:

Need help understanding iptables.

tcp dpt:ssh state NEW recent: SET name: SSH side: source
tcp dpt:ssh state NEW recent: UPDATE seconds: 90 hit_count: 4 TTL-Match name: SSH side: source

should reduce brute force attack to 4 hits in 90 seconds but last -d reports hundreds of hits per ip all within a second, it then changes ip and starts again.

This might help as it appears to talk about the sort of thing you are trying to do: http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks

--
Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC

This email may come with a PGP signature as a file. Do not panic.
For more info see: http://en.wikipedia.org/wiki/OpenPGP
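
As an added example (not part of either message and not code from the linked blog), this Python model replays the SET and UPDATE rules from the listing over constructed connection times to show which NEW connections they would drop. It assumes the UPDATE rule's target is DROP and that connections it does not drop are accepted later in the chain; the TTL match is not modelled, and `RecentList`, `filter_new_connections` and the sample addresses are made up for the illustration.

```python
# Model of the two `recent` rules in the listing above (added example).
# Assumptions not stated on the page: the UPDATE rule jumps to DROP, the SET
# rule has no target, and undropped NEW connections are accepted afterwards.
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default: timestamps remembered per source


class RecentList:
    def __init__(self):
        # One bounded timestamp list per source address (the list named SSH).
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # Rule 1 (recent: SET): always matches and records the source.
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hit_count):
        # Rule 2 (recent: UPDATE): matches when the source has at least
        # hit_count stamps within the last `seconds`; on a match it also
        # records a fresh stamp.
        recent = [t for t in self.stamps.get(src, ()) if now - t <= seconds]
        matched = len(recent) >= hit_count
        if matched:
            self.stamps[src].append(now)
        return matched


def filter_new_connections(conns, seconds=90, hit_count=4):
    """conns: iterable of (time_in_seconds, source_ip), one per NEW connection."""
    table = RecentList()
    verdicts = []
    for now, src in conns:
        table.set(src, now)                                   # rule 1
        dropped = table.update(src, now, seconds, hit_count)  # rule 2
        verdicts.append((now, src, "DROP" if dropped else "ACCEPT"))
    return verdicts


# Constructed sample: six connections within one second, a retry at 60 s
# (still inside the 90 s window), a retry at 151 s (every earlier stamp is
# older than 90 s by then), and a connection from a second source.
SAMPLE = [(i / 10, "192.0.2.10") for i in range(6)] + [
    (60.0, "192.0.2.10"), (151.0, "192.0.2.10"), (151.5, "198.51.100.7")]

if __name__ == "__main__":
    for row in filter_new_connections(SAMPLE):
        print(*row)
```

The list is keyed by source address and counts NEW TCP connections, so it limits connection rate per source rather than login attempts made inside one connection.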