Brute Force Attack SSH bomb protection using Shorewall
Just found some error log messages in /var/log/secure that show me so many SSH bomb attacks just got into the internet server gateway.
If you allow SSH connections to your Linux box, the first thing to do is disable root login. Find and edit your SSH server configuration like this:
1. SSH into your server as root
2. Run this command to edit the SSH configuration file:
vi /etc/ssh/sshd_config
3. Find the line
PermitRootLogin yes
4. Uncomment it and change it to PermitRootLogin no
5. Save the file
6. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
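To confirm the edit actually took effect, here is an added example (not part of the original post) that reports which PermitRootLogin value the global section of a config file yields. It relies on sshd using the first value it obtains for each keyword. The function names and the sample file are made up for illustration, and Match blocks and Include files are not evaluated.

```sh
#!/bin/sh
# Added example: report the PermitRootLogin value from the global section
# of an sshd_config-style file. Include files are not followed.

effective_root_login() {    # $1 = path to config file
    awk '
        { sub(/\r$/, "") }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and argument are separated by whitespace or one "="
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            gsub(/"/, "", val)
            split(val, tok, /[ \t]+/)
            if (key == "match") exit         # global section ends here
            if (key == "permitrootlogin") {  # first value obtained wins
                print tolower(tok[1]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

check_root_login() {        # returns 0 only when root login is disabled
    val=$(effective_root_login "$1")
    if [ "$val" = "no" ]; then
        echo "OK: PermitRootLogin no in $1"
        return 0
    fi
    echo "WARN: PermitRootLogin is '$val' in $1"
    return 1
}

# Constructed sample: the "no" line was left commented and a duplicate
# "yes" precedes the edited line, so root login is still allowed.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'Port 22' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$sample"
check_root_login "$sample" || echo "fix the first active line, then run: sshd -t"
rm -f "$sample"
```

A result of "unset" means no active line was found, so sshd falls back to its built-in default. Running sshd -t before the restart checks that the edited file still parses.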
If you are using Shorewall, you can also limit the login attempts at the firewall. The attacker always uses the same method, which depends on making repeated login attempts within a short interval, so limiting the number of connections per interval handles it.
Put this rule in your /etc/shorewall/rules:
Limit:info:SSHA,3,60 net $FW tcp 22
# 3 login attempts in 60 seconds
OK, enough for now.
Good luck
