2 replies to this topic

[jamessw]

Hello
I've been reading about these forums for a short while and noticed a lot of posts about Brute Force Protection.

Anyone might want to consider using BFD with iptables to detect and block Brute Force attacks on SSH and FTP.

http://www.webhostgear.com/60.html

If you have APF installed the default config works with that, if not, edit the config file to execute an iptables command such as:

iptables -I INPUT -s $ATT-HOST -j DROP                      
( I think that's the command anyway, it's been a while since I last messed with this software )

I hope this helps some people here!

Edited by jamessw, 25 January 2008 - 09:07 AM.

[-ASO- Tim]

That's the right command. Just make sure you replace $ATT-HOST with the IP address of the host that is attacking.

[jamessw]

That's the right command. Just make sure you replace $ATT-HOST with the IP address of the host that is attacking.

Cheers Tim, if you leave the $ATT-HOST in the BFD configuration, when it executes the command on your server for you, it should automatically replace it with the IP it wants to block.

Edited by jamessw, 26 January 2008 - 06:14 AM.