
Block SSH brute force attacks on openSUSE

A brute force attack consists of trying every possible code, combination, or password until you find the right one.

As an example, imagine a system which only allows 4 digit PIN codes. This means that there are a maximum of 10,000 possible PIN combinations.

From the example above, PIN security could be increased by:
    * Increasing the length of the PIN
    * Allowing the PIN to contain characters other than numbers, such as * or #
    * Imposing a 30 second delay between failed authentication attempts
    * Locking the account after 'x' failed authentication attempts

We will implement options #3 and #4 on openSUSE using SuSEfirewall2.
Open your favorite editor and edit the file /etc/sysconfig/SuSEfirewall2:

# Add the following rule
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

# Now Restart firewall:
rcSuSEfirewall2 restart

Now an attacker gets just 3 connection attempts from one IP address within 60 seconds before further attempts are blocked.
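
The following is an added example, not part of the original post or of SuSEfirewall2 itself: a small model of how the hitcount/blockseconds flags in the rule above throttle new connections per source IP. It assumes the rule is enforced with the iptables "recent" match (an --update check followed by --set); the source address and traffic timings are constructed.

```python
# Added example: models the per-source throttling of the rule from the post.
# Assumption: iptables "recent" match semantics (--update check, then --set).
from collections import defaultdict

RULE = "0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"  # from the post


def parse_rule(rule):
    """Split a FW_SERVICES_ACCEPT_EXT entry into its fields and flags."""
    net, proto, dport, sport, *flags = rule.split(",")
    opts = dict(f.split("=", 1) for f in flags)
    return {"net": net, "proto": proto, "dport": int(dport), "sport": sport,
            "hitcount": int(opts["hitcount"]),
            "blockseconds": int(opts["blockseconds"]),
            "recentname": opts["recentname"]}


class RecentList:
    """Per-source list of connection timestamps, as the recent match keeps."""

    def __init__(self, hitcount, seconds):
        self.hitcount, self.seconds = hitcount, seconds
        self.stamps = defaultdict(list)

    def new_connection(self, src, now):
        """Return 'ACCEPT' or 'DROP' for a new connection at time `now` (s)."""
        recent = [t for t in self.stamps[src] if now - t <= self.seconds]
        # Both outcomes record a timestamp (the update on a match, the set
        # otherwise), so hammering a blocked port keeps the block alive.
        self.stamps[src] = recent + [now]
        return "DROP" if len(recent) >= self.hitcount else "ACCEPT"


def simulate(times, src="203.0.113.7"):  # constructed source address
    """Replay new-connection times (seconds) from one source through the rule."""
    cfg = parse_rule(RULE)
    fw = RecentList(cfg["hitcount"], cfg["blockseconds"])
    return [fw.new_connection(src, t) for t in times]


if __name__ == "__main__":
    # Constructed traffic: one attempt every 10 s, then one every 25 s.
    print(simulate(range(0, 100, 10)))
    print(simulate(range(0, 200, 25)))
```

Under this model, a source that keeps retrying stays blocked, while one that stays under three connections per 60 seconds is never dropped, so the rule rate-limits password guessing rather than locking an account.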
