kevin.vanzonneveld.net— How to Block Brute Force Attacks with only 2 iptables rules. Without it your server is a sitting duck waiting for a bot to guess the right combination and hit the jackpot.
Jul 28, 2007
chandler Jul 30, 2007
This is for the math lovers -- 26 lower case chars, 26 upper case chars, 10 digits, 10 symbols = 72 chars 15^72 = 7244150201408990671659859968 (7,244,150,201,408,990,671,659,859,968)/500,000 guesses per second (2.3 quad core, 8 GB RAM) = 24147167338029968905532.86656 seconds, 402452788967166148425.547776 minutes, 6707546482786102473.7591296 hours, 279481103449420936.4066304 days or 765701653286084 years. This is not assuming Moore's Law, in which this will be exponentially decreasing, and cannot be done on Windows Calculator.
diggfight Jul 31, 2007
The article doesn't really have anything to do with Ubuntu. Dugg because it's a good article and the author got on the front page by outsmarting retarded Ubuntu fanboys.
1260 Jul 31, 2007
Yeah, I'm sure they would get far with 8 per minute you idiot.
zotter Jul 31, 2007
Not bad at all! Another layer to add in! But - obviously, it's an iptables method - not just an Ubuntu method. If you'd like to be preemptive and lock out known attackers even before they start on your box - try Denyhosts and use the shared database options. http://denyhosts.sourceforge.net Think along the lines of a DNSRBL for ssh brute forcers. But one where the attackers pretty much have to prove themselves as attackers to get listed.
krechet Jul 31, 2007
To be fair! The RECENT target is not enabled in some kernels by default. So no this does NOT apply to all Linux distributions, although it applies to many. YMMV.
qwuinc Sep 6, 2007
@trogdoor Sorry for being a nitpick, but ICMP packets don't actually have source/destination ports (http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Header) unlike TCP/UDP. ;-) Also, you can check what ports your box is listening on by running "netstat -nlpt" as root.
snowb1tch Oct 22, 2007
I've just had an attack of brute force. Stupidly, I was talking to someone on MSN and they started repeating convos I'd had months back on my MSN history, every convo I'd had; kindly they told me it was done by brute force. What I wanted to ask is: are they still in my PC? Am I permanently hacked now? Or does it only last as long as I was on MSN with them? Thanks for any answers, I'm not clued up on hackers. They were also kind enough to inform me my firewall was rubbish and I should get a better one. I do love kind hackers! NOT! Can anyone help with info? I got out of them it was a programme that scans then uses brute force to gain entry through a port, is this correct?
ianwate Mar 7, 2008
Bruteforce is useless if you have a strong character combination of passwords. :D http://ithaven.blogspot.com
4degrees Apr 29, 2010
This technique not only fends off brute force attacks, it also saves bandwidth. Sometimes these attacks push me over the edge on my bandwidth quotas.