Slow down (limit) Brute-Force attacks


mgutt

1 post in this topic Last Reply

Recommended Posts

I like to see some iptables rules that limit local brute-force attacks. The amount of requests and period of time should be changeable through the WebGUI.

 

With UFW I would generate the rules as follows:

ufw limit ssh
ufw limit http
ufw limit https

Which would generate iptables rules similar to this:

-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
-A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
...

By that a (local) bad client is not able to test passwords every millisecond or even faster. And yes, strong passwords are the most important part, I know ;) 

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.