Comments on: Using iptables to Block Brute Force Attacks

By: avoid people running “stress tests” / attacks on our server (CentOS + Apache)

Fri, 26 Nov 2010 12:24:15 +0000

[...] can use the recent module with iptables to block requests that come in to fast from a specific ip. Here is an article with some examples. If you get into more DoS attacks that overwhelm your bandwidth then you might [...]

By: ?? IPTABLES ?????? « ??????

?? IPTABLES ?????? « ?????? — Sat, 23 Oct 2010 00:30:44 +0000

[...] http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/ ?????????????????????? 22 [...]

By: Miguel

Miguel — Thu, 21 Oct 2010 10:12:55 +0000

Previously was mentioned, “This seems like an easy way to open yourself up for DoS attackes” This is totally incorrect.

Only the offending IPs will be blocked (IPs that exceed more than 3 connections in a 300 sec period). Any other user on a different IP will be able to connect unless he have less than 3 connections for that IP or is on the WHITELIST.

In my case for the SSH service I would set 10 new connection for a 300 second period, this in turn would translate in an attacker only be able to brute force the password on average every 30 seconds.

In case you have a very week password 8 char length composed just with lower case letter [a-z] the attacker would need about 300 years to guess the password

Marius thanks for your excellent article.

Best Regards,
Miguel

By: Miguel

Miguel — Thu, 21 Oct 2010 10:11:41 +0000

Previously was mentioned “This seems like an easy way to open yourself up for DoS attackes” This is totally incorrect.

In my case for the SSH service I would set 10 new connection for a 300 second period, this in turn would translate in an attacker only be able to brute force the password on average every 30 seconds.

In case you have a very week password 8 char length composed just with lower case letter [a-z] the attacker would need about 300 years to guess the password

Marius thanks for your excellent article.

Best Regards,
Miguel

By: Anonymous

Anonymous — Mon, 19 Jul 2010 21:12:27 +0000

This seems like an easy way to open yourself up for DoS attackes. All I need to do is to make N connections/minute to your server and you can never access it again other than a whitelisted IP. And if you only access it from whitelisted IP, then as you say, just allow whitelisted IPs. Pretty weak IMO.

By: Anonymous

Anonymous — Mon, 19 Jul 2010 21:12:27 +0000

By: sts

sts — Thu, 27 May 2010 13:37:39 +0000

Hello dude, can i post articles to your website ? Let me know if you are interested

By: - Marius -

- Marius - — Wed, 21 Oct 2009 23:36:12 +0000

@Ben: what distro do you use? did you built iptables manually?

By: Ben

Ben — Tue, 20 Oct 2009 04:18:02 +0000

I thought i followed this correctly but twice i’ve had the same error:

iptables v1.3.5: Unknown arg `badconns’

By: Af Jes Kasper Klittum » Blog Archive » Using Varnish and iptables_recent to fend off Slowloris attacks on CentOS

Thu, 25 Jun 2009 10:46:33 +0000

[...] These guides were used to compose this walk-through: http://wiki.tyk.nu/index.php/Using_Varnish_to_protect_Apache_against_slowloris#Configuring_Varnish http://developer.mindtouch.com/User:PeteE/Varnish_Installation http://varnish.projects.linpro.no/ http://maxgarrick.com/reverse-proxy-with-nginx http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/ [...]