- Password attacks:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix SSH_SCAN:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP
Or ..
/etc/rc.d/init.d/iptables save
vi /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [77821:18947147]
# begin added rules
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix SSH_Scan:
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP
# end added rules
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [76355:16945171]
COMMIT
# Completed on Mon Nov 24 18:13:04 2014
/etc/rc.d/init.d/iptables start
chkconfig --level 345 iptables on
Install fail2ban. http://www.fail2ban.org
- DDoS attacks:
iptables -A INPUT -p tcp --dport 80 -m recent --update --seconds 1 --hitcount 10 --name HTTP -j DROP
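Added example (not part of the original post): a small Python model of how the three SSHSCAN rules for port 22 evaluate a stream of new connections, to show which attempt is the first one dropped and how --update differs from --rcheck. It assumes the packet TTL of a source stays constant (so --rttl always matches), ignores the module's cap on stored timestamps, and uses constructed traffic; the function names are hypothetical.

```python
SECONDS, HITCOUNT = 60, 8  # values from the SSHSCAN rules on this page


def simulate(attempts, refresh=True):
    """Model the three SSHSCAN rules for NEW connections to port 22.

    attempts: iterable of (time_in_seconds, source_ip), constructed input.
    refresh:  True models --update (as on the page); False models --rcheck,
              which tests the same condition without touching the entry.
    Assumptions of this sketch: constant TTL per source (so --rttl matches)
    and no cap on the timestamps kept per source.
    Returns a list of (time, source_ip, verdict).
    """
    seen = {}      # source_ip -> timestamps recorded in the SSHSCAN list
    verdicts = []
    for now, src in sorted(attempts):
        # Entries older than the window can never count again; drop them.
        stamps = [t for t in seen.get(src, []) if now - t <= SECONDS]
        stamps.append(now)                    # rule 1: --set records the packet
        verdict = "ACCEPT"                    # INPUT policy when nothing matches
        if len(stamps) >= HITCOUNT:           # rules 2 and 3 test the same condition
            if refresh:
                stamps += [now, now]          # LOG and DROP rules each refresh the entry
            verdict = "DROP"
        seen[src] = stamps
        verdicts.append((now, src, verdict))
    return verdicts


def dropped(attempts, refresh=True):
    """Times at which a connection attempt was dropped."""
    return [t for t, _, v in simulate(attempts, refresh) if v == "DROP"]


# Constructed traffic: a burst of one attempt per second, then a retry at t=65.
BURST = [(t, "203.0.113.5") for t in range(10)] + [(65, "203.0.113.5")]
# Constructed traffic: a client that connects once every 10 seconds.
SLOW = [(t, "198.51.100.7") for t in range(0, 200, 10)]

if __name__ == "__main__":
    print("burst, --update:", dropped(BURST))
    print("burst, --rcheck:", dropped(BURST, refresh=False))
    print("slow client    :", dropped(SLOW))
```

With --hitcount 8 the first seven new connections in any 60-second window pass and the eighth is dropped; because the matching --update rules refresh the entry, the retry at t=65 is still dropped, whereas the same rules written with --rcheck would let it through.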