Feature #1094

Basic protection against SSH brute force attacks

Added by inquam almost 7 years ago. Updated almost 7 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 08/21/2013
Due date:
% Done: 0%


Description

With more and more people installing Amahi, some of them quite novice, we have more and more Amahis exposed to the internet when people start opening up ports in their routers to be able to access their servers remotely. Since SSH is used by many, it is often exposed outwards as well. This opens the door to SSH brute force attacks (which can be both fast and effective).
To bring some kind of default protection against this to the platform, I propose that we include the following iptables rules by default:

[root@dahome ~]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: SSH side: source mask: 255.255.255.255
LOG tcp -- anywhere anywhere tcp dpt:ssh recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SSH side: source mask: 255.255.255.255 LOG level warning prefix "SSH_brute_force "
DROP tcp -- anywhere anywhere tcp dpt:ssh recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SSH side: source mask: 255.255.255.255
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

This will allow a couple of failed SSH login attempts and then add a 60 second cool down, effectively killing any interest in brute forcing the server in question.
I implemented this myself after seeing > 600 failed login attempts per day, and got that down to < 5.

Something similar should be in place on the web UI too, I think, since both the source code to it is available and a lot of Amahis expose the web UI on the internet, which makes it an ideal target for attacks.
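
The three INPUT rules from the listing in the description, written out as iptables commands that would produce such a listing. This is an added example, not part of the original issue; the function names and the DRY_RUN switch are hypothetical, while the port, list name, window, hit count and log prefix are taken from the listing.

```shell
#!/bin/sh
# Added example (not from the issue): iptables commands corresponding to
# the three INPUT rules shown in the listing. Function names and the
# DRY_RUN switch are hypothetical.

# Append a rule to INPUT unless an identical one already exists, so the
# script can be re-run without stacking duplicates. With DRY_RUN set, only
# print the arguments that would be passed to iptables.
add_rule() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'iptables -A INPUT %s\n' "$*"
        return 0
    fi
    iptables -C INPUT "$@" 2>/dev/null || iptables -A INPUT "$@"
}

install_ssh_throttle() {
    # Rule 1: record the source address of every new SSH connection in the
    # "SSH" list. ACCEPT is a terminating target, so a packet matching here
    # is not evaluated against rules 2 and 3.
    add_rule -p tcp --dport 22 -m state --state NEW \
        -m recent --set --name SSH --rsource -j ACCEPT

    # Rule 2: log when the source has 4 or more entries within the last
    # 60 s (--rttl also requires the TTL to match the recorded one).
    add_rule -p tcp --dport 22 \
        -m recent --update --seconds 60 --hitcount 4 --rttl \
        --name SSH --rsource -j LOG --log-prefix "SSH_brute_force "

    # Rule 3: same match, drop the packet. LOG must come before DROP
    # because DROP ends rule traversal.
    add_rule -p tcp --dport 22 \
        -m recent --update --seconds 60 --hitcount 4 --rttl \
        --name SSH --rsource -j DROP
}

# Run with the argument "apply" as root; set DRY_RUN=1 to print instead.
if [ "${1:-}" = "apply" ]; then
    install_ssh_throttle
fi
```

Rules added this way do not survive a reboot unless they are saved with the distribution's own persistence mechanism.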

History

#1 Updated by bigfoot65 almost 7 years ago

  • Priority changed from Medium to Normal

#2 Updated by bigfoot65 almost 7 years ago

How about adding this guidance to the wiki until this type of functionality can be incorporated in Amahi?
