[NCLUG] iptables ssh protection, but with Linksys WRT54G DD-WRT?

siegfried siegfried at heintze.com
Wed Apr 12 15:36:14 MDT 2006


Ohhh -- sorry I missed the Nclug meeting last night! After chatting on IRC
yesterday I thought the topic was linux instead of network security and
decided not to go. Someone said the web site said the topic was still
"linux".

Is the presentation going to be posted where I can download it?

Benson: what is ddwrt2? Is that different than openwrt? I'd love to know
exactly what commands you are trying and the results.

Thanks,
Siegfried

-----Original Message-----
From: nclug-bounces at nclug.org [mailto:nclug-bounces at nclug.org] On Behalf Of
Benson Chow
Sent: Wednesday, April 12, 2006 2:09 PM
To: nclug at nclug.org
Subject: [NCLUG] iptables ssh protection, but with Linksys WRT54G DD-WRT?

First off, thanks Hugh for the presentation.  I was wondering what people 
were doing with all these annoying ssh attempts, this surely couldn't be 
an issue I'm fighting myself.

So I tried the ssh limiting iptables rules on my 2.6 server box, this 
seemed to work just fine.  Exactly what I needed!  I was more concerned 
about people wasting my bandwidth and filling my logfiles with useless 
failed dictionary attempts than people cracking my box at this point.
Less noise in logfiles is always better!

I'd also like to get the same kind of protection working on my WRT54G 
router.  I tried the same commands, but wasn't quite sure about the device 
needed.  So, I tried each one, including the virtual devices.  In any case 
none of the command sets seemed to halt connections after too many connect 
attempts.  The commands resulted in no errors when executed, either.  The 
corresponding .so iptables module file seems to be on the filesystem, so 
that should be OK.

The main difference other than hardware is that the router is running 
Linux 2.4.32 instead of 2.6.15.  Anyone able to get these rules working on 
a 2.4 box?

This router is not running Linksys firmware, it's using DDWRT2.3. 
Iptables version matches my 2.6 box.

Thanks,

-bc

p.s. Oh.... I used to have anyone in the netblocks 210. to 213. all return 
a random number of /dev/urandom bytes.  Just hoping that someday 
/dev/urandom generates a byte sequence that is fatal to / buffer overflows their 
attacking script...
_______________________________________________
NCLUG mailing list       NCLUG at nclug.org

To unsubscribe, subscribe, or modify 
your settings, go to: 
http://www.nclug.org/mailman/listinfo/nclug
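The thread never shows the actual rule set from Hugh's presentation, so the following is a constructed example (not from the thread, not DD-WRT's own firewall script) of SSH rate limiting with the iptables `recent` match, written as a dry-run generator plus a diagnostic for the symptom Benson describes: rules load without error but nothing is ever dropped. The interface name (br0, vlan1), port 22, the hit count of 4 and the 60-second window are all assumptions chosen for illustration; whether the `recent` match is usable on a given 2.4 DD-WRT kernel is something the check function reports rather than something this example claims.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread. Assumes sshd on port
# 22, an interface name passed by the caller (br0/vlan1 are only placeholders;
# confirm with `ip addr` or `ifconfig`), and a kernel that actually provides
# the recent match. A libipt_recent.so in userspace on its own proves nothing:
# the kernel side must be present too, which ssh_limit_check reports.

# Print the rules instead of applying them, so they can be reviewed first.
# Rules are inserted at the top of INPUT with -I rather than appended with -A:
# if an earlier rule already ACCEPTs port 22, an appended limiter is never
# reached even though it loads without error.
# Usage: ssh_limit_rules IFACE [HITS] [SECONDS]
ssh_limit_rules() {
    iface="$1"
    hits="${2:-4}"       # new connections allowed per window (assumed value)
    window="${3:-60}"    # window length in seconds (assumed value)
    cat <<EOF
iptables -I INPUT 1 -i $iface -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set
iptables -I INPUT 2 -i $iface -p tcp --dport 22 -m state --state NEW -m recent --name SSH --update --seconds $window --hitcount $hits -j DROP
EOF
}

# Diagnostics for "rules load but never drop": is the match usable at all,
# is the kernel module present, and where do the rules sit in INPUT? The
# packet counters from -nv show whether the limiter ever matches anything.
ssh_limit_check() {
    if iptables -m recent --help >/dev/null 2>&1; then
        echo "recent match: usable"
    else
        echo "recent match: NOT usable (userspace .so present is not enough)"
    fi
    if lsmod 2>/dev/null | grep -q 'ipt_recent'; then
        echo "ipt_recent kernel module: loaded"
    else
        echo "ipt_recent kernel module: not listed (may be built in, or missing)"
    fi
    iptables -L INPUT -nv --line-numbers
}

# Stand-alone use: print the rules for br0, or run the diagnostics with --check.
case "${1:-}" in
    --check) ssh_limit_check ;;
    *)       ssh_limit_rules "${1:-br0}" ;;
esac
```

To apply the generated rules on a box where they have been reviewed, pipe the output into `sh` as root; `ssh_limit_check` afterwards shows the two rules at positions 1 and 2 of INPUT with their counters, which is the quickest way to see whether traffic is reaching them or being accepted earlier in the chain.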