

Simple iptables rules to block SSH Brute Force Attack




Posted by nitheesh, 8th Nov 2015

An SSH brute force attack is a cryptanalytic attack of a kind that can be used against any encrypted data. In a brute force attack, attackers scan for SSH daemons exposed to the Internet. The scans can be done by bots; automated scans usually target the standard SSH port, TCP 22. If TCP port 22 is found open, service identification is attempted.

Block SSH brute force attacks with two simple iptables rules.

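# Record the source address of each new connection to port 22 in the list named SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# Drop new connections from an address seen 8 or more times within the last 60 seconds
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP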
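
To check what these two rules do to a given client before deploying them, the following added example (not part of the original post) models the recent match in Python over constructed connection times. It is a simplified model based on the documented behaviour of --set, --update, --seconds and --hitcount; --rttl is not modelled, the list size of 20 is assumed to be the xt_recent default for ip_pkt_list_tot, and all class and function names are hypothetical.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 8   # --seconds 60 --hitcount 8, from the rules above
PKT_LIST_TOT = 20           # assumption: xt_recent default for ip_pkt_list_tot

class RecentList:
    """Simplified model of one xt_recent list (--name SSH); --rttl not modelled."""

    def __init__(self):
        # Per source address, keep only the newest PKT_LIST_TOT timestamps.
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # Rule 1 (--set): always matches and records the packet; it has no
        # target, so the packet continues to the next rule.
        self.stamps[src].append(now)

    def update(self, src, now):
        # Rule 2 (--update): matches when at least HITCOUNT recorded packets
        # are no older than SECONDS; a match also refreshes "last seen".
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False

def filter_new_connections(events):
    """events: (time_in_seconds, source_ip) of NEW packets to tcp/22, in order.
    Returns "DROP" or "PASS" (handed on to the rest of INPUT) per event."""
    ssh = RecentList()
    verdicts = []
    for now, src in events:
        ssh.set(src, now)
        verdicts.append("DROP" if ssh.update(src, now) else "PASS")
    return verdicts

if __name__ == "__main__":
    # Constructed sample traffic (documentation addresses, not real hosts).
    burst = [(t, "203.0.113.5") for t in range(10)]        # one per second
    slow = [(t * 10, "198.51.100.7") for t in range(12)]   # one per 10 s
    print("burst:", filter_new_connections(burst))
    print("slow: ", filter_new_connections(slow))
    back = filter_new_connections(burst + [(75, "203.0.113.5")])
    print("same client after a quiet period:", back[-1])
```

In this model the eighth new connection inside 60 seconds is the first one dropped, and a client that stays quiet for more than 60 seconds is accepted again. Dropped attempts are recorded too, so a client that keeps retrying at a steady rate stays blocked.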