brute force - AddaxSoft

Automation: Block ssh brute force attacks with iptables

January 11, 2018, Posted in Security, SysAdmin Releases with No comments

1. create an iptables.rules file in /etc/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

# Accept established connections

-A INPUT -i venet0:0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Enable HTTP/HTTPS

-A INPUT -i venet0:0 -p tcp -m tcp --dport 80 -j ACCEPT

-A INPUT -i venet0:0 -p tcp -m tcp --dport 443 -j ACCEPT

# Allow 4 connections in 300 seconds, then ban the IP for 300 seconds

-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource

-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 4 --name DEFAULT --rsource -j DROP

-A INPUT -i venet0:0 -p tcp -m tcp --dport 22

Generate Alpha-Numeric Strings in Python (for BruteForce Attacks)

August 16, 2014, Posted in Programming, Security Releases with No comments

While I was coding the ‘Twitter Short Handles Finder‘ I needed an efficient Alpha-Numeric Strings generator in Python. I coded this from scratch:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

def lastCase (lst):

for i in range(0, len(lst)):

if ( lst[i] != '_' ):

return False

return True

l = [''] * 4 #change size here if needed. I used 4 here

l[0] = '0'

index = 0

while ( not lastCase(l) ):

if ( ord(l[index]) > ord('_') ):

l[index] = '0'

index += 1

while( l[index] == '_' ):

l[index] = '0'

index += 1

if (l[index] == ''):

l[index] = '0'

#print or process generated string

print(''.join(l))

l[index] = chr(ord(l[index]) +1)

if ( ord(l[index]) > ord('9') and ord(l[index]) < ord('A') ):

l[index] = 'A'

elif ( ord(l[index]) > ord('Z') and ord(l[index]) < ord('_') ):

l[index] = '_'

index = 0

print (''.join(l))

Blocking Tor Traffic to Your Server

March 12, 2014, Posted in Security Releases with No comments

You’ve seen before how I got targeted by thousands of brute force attempts and how I mitigated the attacks earlier in this post; however, I wanted to do something better and more efficient. A filter at the firewall to block all these attempts from even establishing a basic TCP connection with the HTTP server.

The Problem
One major problem is that these attempts were not coming from a single IP address. Attackers will use TOR to hide themselves and to have different IPs to over-come the first obstacles that is: blocking the attacker’s source IP address.

brute force tagged posts

Automation: Block ssh brute force attacks with iptables

Generate Alpha-Numeric Strings in Python (for BruteForce Attacks)

Blocking Tor Traffic to Your Server

Recent Comments