15 Nov 2011, 10:30 p.m.
        Chris Samuel wrote:
On Tue, 1 Nov 2011 05:03:56 PM Roger wrote:
Need help understanding iptables.
tcp dpt:ssh state NEW recent: SET name: SSH side: source
tcp dpt:ssh state NEW recent: UPDATE seconds: 90 hit_count: 4 TTL-Match name: SSH side: source
should reduce brute force attack to 4 hits in 90 seconds but last -d reports hundreds of hits per IP all within a second, it then changes IP and starts again.
This might help, as it appears to talk about the sort of thing you are trying to do.
http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks
See also http://cyber.com.au/~twb/doc/iptab
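
A simplified model of what the two listed rules count, added here as an example and not part of the original thread: each NEW packet to the SSH port is recorded per source address (SET), and the UPDATE rule matches once 4 or more recorded hits fall inside 90 seconds. Assumptions: the UPDATE rule's target is DROP and unmatched packets are accepted (the listing shows no targets), the TTL-Match condition is ignored, 20 timestamps are kept per address, and the class, function and sample events are constructed for illustration.

```python
from collections import defaultdict, deque

SECONDS = 90     # "seconds: 90" in the UPDATE rule
HIT_COUNT = 4    # "hit_count: 4" in the UPDATE rule
MAX_STAMPS = 20  # assumption: timestamps kept per source address


class RecentList:
    """Simplified model of the list "name: SSH", keyed by source address."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def set(self, src, now):
        # recent: SET: record the arrival time of this NEW packet.
        self.stamps[src].append(now)

    def update(self, src, now):
        # recent: UPDATE: match when HIT_COUNT or more stamps fall within
        # the last SECONDS; a match also records a fresh stamp.
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HIT_COUNT:
            self.stamps[src].append(now)
            return True
        return False


def filter_new_connections(events):
    """events: (time_s, src) per NEW tcp dpt:ssh packet -> [(time_s, src, verdict)]."""
    recent = RecentList()
    results = []
    for now, src in sorted(events):
        recent.set(src, now)
        # Assumption: the UPDATE rule's target is DROP, everything else passes.
        verdict = "DROP" if recent.update(src, now) else "ACCEPT"
        results.append((now, src, verdict))
    return results


# Constructed sample: one source retries quickly, a second stays under the limit.
SAMPLE = [(t, "192.0.2.10") for t in (0, 1, 2, 3, 4, 5, 200)] + \
         [(t, "198.51.100.7") for t in (0, 30, 60)]

if __name__ == "__main__":
    for row in filter_new_connections(SAMPLE):
        print(*row)
```

The counters are per source address and per NEW packet only, so in this model a different source address starts from zero.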