Protect Against Brute Force with ufw

Published on August 8, 2011, by in sysadmin.




ufw is the super easy firewall interface featured in Ubuntu and also the latest Debian.

Somewhat like fail2ban, one feature of ufw is built-in rate limiting to protect against brute force attacks.

While this could be used on any port, a common use is on port 22 to protect against ssh dictionary attacks or other poking.


To enable rate limiting on ssh, issue the following:

$ sudo ufw limit ssh

(PS: You can run this command to safely overwrite your current ssh rule.)




To view your current firewall configuration use:

$ sudo ufw status


user@li166-66:~$ sudo ufw status
[sudo] password for user:
Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere

This will deny connections from an IP address if 6 or more logins are attempted in the last 30 seconds.
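
An added example (not from the original post): a shell function that reads `ufw status` output on stdin and reports whether a port is rate limited, so the check can go into a provisioning or audit script. The function name, its exit codes and the sample rows are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `ufw status` text (read from stdin) for a rate-limited port.
# Exit codes are this example's own convention:
#   0 = a LIMIT rule exists and no ALLOW rule for the port
#   1 = an ALLOW rule exists alongside the LIMIT rule
#   2 = firewall inactive, or no LIMIT rule for the port
check_ufw_limit() {
    port="${1:-22}"
    awk -v port="$port" '
        /^Status:/ { active = ($2 == "active") }
        {
            # Rule rows start with the port, optionally written as port/proto.
            split($1, f, "/")
            if (f[1] != port) next
            # IPv6 rows carry a "(v6)" marker before the action column.
            action = ($2 == "(v6)") ? $3 : $2
            if (action == "LIMIT") limited++
            if (action == "ALLOW") allowed++
        }
        END {
            if (!active || !limited) exit 2
            exit (allowed ? 1 : 0)
        }
    '
}

# Constructed sample: the status output shown above, plus an IPv6 row left at ALLOW.
sample='Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

# Live use would be: sudo ufw status | check_ufw_limit 22
if printf '%s\n' "$sample" | check_ufw_limit 22; then
    echo "port 22: rate limited"
else
    echo "port 22: not fully rate limited (code $?)"
fi
```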

To the person trying to brute force, it will look similar to this:

[Image: ufw_limit]




And yes you could also use this to rate limit pop, imap, or smtp logins!

Yay!

Thanks Aric

© Copyleft scottlinux.com CC BY-SA 3.0