Secure Shell (SSH) is a service that lets users access remote systems securely. However, SSH servers that depend on password-based authentication may be vulnerable to dictionary-based (brute-force) attacks by crackers.
Luckily, iptables can be used with the `--limit-burst` and `--limit` options to reduce the number of connection attempts a cracking tool can make in a given period of time.
For example, to limit an IP address to only 5 connections per minute, in a burst of 2 connections, you can use these iptables rules:
iptables -A INPUT -p tcp --dport ssh --syn -m limit --limit 5/minute --limit-burst 2 -j ACCEPT
iptables -A INPUT -p tcp --dport ssh --syn -j DROP
With these rules iptables only counts new connections (`--syn`), allows up to 5 of them per minute with a maximum of 2 initial connections, and drops the ones that exceed the limit, which makes any brute-force or dictionary-based attack against the server uneconomical or unfeasible.
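The rule set as a reviewable shell script, added here as an example and not part of the original post. The first function reproduces the post's `--limit`/`--limit-burst` rules; note that `-m limit` keeps one shared token bucket for all sources, so it throttles SSH as a whole rather than per IP address. The second function uses the `hashlimit` match, which keeps a separate bucket per source address. It assumes SSH listens on port 22 and that the `limit` and `hashlimit` matches are available.

```shell
#!/bin/sh
# Added example: emits the iptables rules as text for review; run with the
# argument "apply" as root to install the per-source variant.
# Assumption: SSH on port 22 (override with SSH_PORT=...).
SSH_PORT="${SSH_PORT:-22}"

# The post's rules: one global bucket (5 tokens/minute, burst 2) shared by every
# source, followed by a DROP so excess SYNs do not fall through to the default policy.
global_limit_rules() {
    cat <<EOF
iptables -A INPUT -p tcp --dport $SSH_PORT --syn -m limit --limit 5/minute --limit-burst 2 -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT --syn -j DROP
EOF
}

# Per-source variant: hashlimit keeps a bucket per source IP, so one cracker's
# attempts do not use up the allowance of legitimate users.
per_source_limit_rules() {
    cat <<EOF
iptables -A INPUT -p tcp --dport $SSH_PORT --syn -m hashlimit --hashlimit-name ssh --hashlimit-mode srcip --hashlimit-upto 5/minute --hashlimit-burst 2 -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT --syn -j DROP
EOF
}

# Installs the per-source rules; each emitted line is a complete iptables command.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    per_source_limit_rules | while IFS= read -r rule; do
        sh -c "$rule" || return 1
    done
}

case "${1:-}" in
    apply) apply_rules ;;
    "")    global_limit_rules; per_source_limit_rules ;;
esac
```

Run the script with no arguments to print both rule sets for review before applying anything.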
Read more about iptables `--limit` and `--limit-burst` in "Linux Iptables Limit the number of incoming tcp connection / syn-flood attacks".