1. The following iptables rules drop incoming connections from a source that makes more than 5 new connection attempts to port 22 within 60 seconds:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
2. Disable Empty Passwords
Open the file /etc/ssh/sshd_config and set:
PermitEmptyPasswords no
3. TCP Wrappers
open --> vi /etc/hosts.deny and add:
sshd:ALL
then
open --> vi /etc/hosts.allow and add:
sshd:192.168.1.32 192.168.1.21 (change these to the IPs you want to allow)
4. Change the SSH Port
The idea behind this: suppose we change port 22 to something else, say Oracle's 1521; the attacker thinks this is an Oracle server and will try Oracle hacking tools :)
In sshd_config, set for example:
Port 300
5. Force Logout for Idle Sessions
In sshd_config, set:
ClientAliveInterval 300
ClientAliveCountMax 0
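As an added example (not part of this post), here is a small POSIX shell audit for the sshd_config settings from items 2, 4 and 5; it reads a config file the way sshd does, where the first occurrence of a keyword wins, so an edit appended below an earlier conflicting line is caught. It assumes the whitespace-separated "Keyword value" form and a file without Match blocks; the function names and the WARN/FAIL labels are my own.

```shell
#!/bin/sh
# Audit an sshd_config for the settings recommended in this post.
# Mirrors sshd's rule that the FIRST occurrence of a keyword wins, so a
# "PermitEmptyPasswords no" appended below an earlier "yes" is silently ignored.
# Assumes "Keyword value" lines and no Match blocks (compare `sshd -T` for those).

# sshd_get FILE KEYWORD -> prints the effective value, empty if unset
sshd_get() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
        tolower($1) == key { print $2; exit }   # first occurrence wins
    ' "$1"
}

# audit_sshd_config FILE -> one OK/FAIL/WARN line per check; returns 1 on any FAIL
audit_sshd_config() {
    f=$1; rc=0
    v=$(sshd_get "$f" PermitEmptyPasswords)
    if [ "$v" = "yes" ]; then echo "FAIL PermitEmptyPasswords yes"; rc=1
    else echo "OK   PermitEmptyPasswords ${v:-unset (default no)}"; fi

    v=$(sshd_get "$f" Port)
    if [ -z "$v" ] || [ "$v" = "22" ]; then echo "FAIL Port ${v:-unset (default 22)}"; rc=1
    else echo "OK   Port $v"; fi

    v=$(sshd_get "$f" ClientAliveInterval)
    if [ -z "$v" ] || [ "$v" = "0" ]; then echo "FAIL ClientAliveInterval ${v:-unset} (idle check off)"; rc=1
    else echo "OK   ClientAliveInterval $v"; fi

    v=$(sshd_get "$f" ClientAliveCountMax)
    if [ -z "$v" ]; then echo "FAIL ClientAliveCountMax unset (default 3)"; rc=1
    elif [ "$v" = "0" ]; then
        # Since OpenSSH 8.2, a value of 0 disables the alive-check disconnect
        # entirely instead of dropping the session after the first probe.
        echo "WARN ClientAliveCountMax 0 (no effect on OpenSSH >= 8.2)"
    else echo "OK   ClientAliveCountMax $v"; fi
    return $rc
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config   (no argument: only defines functions)
if [ $# -gt 0 ]; then audit_sshd_config "$1"; fi
```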
To be continued...