
A very simple way to protect important network ports from external scanners and brute forcers.
For example, I came across a case where brute forcers constantly locked out accounts in the Windows domain by attacking over RDP and submitting valid user / login / password pairs. Of course, the DC locks such accounts, which stops the brute force.
You can come up with plenty of similar problems. And it is simply unpleasant to see unexplained ESTABLISHED connections hanging on important ports.
To avoid such situations, do the following:
iptables -A INPUT -p tcp --dport 65432 -m recent --set --name tuktuk
iptables -A INPUT -p tcp --syn --dport 22 -m recent --rcheck --seconds 160 --name tuktuk -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 22 -j DROP
That's all!
Whoever tries to scan the SSH port will be dropped without any reply.
To establish a connection, you must first knock on port 65432.
For example from a browser (http://your_address:65432)
Or telnet your_address 65432
Or putty your_address -p 65432
And then putty your_address -p 22
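To make the behaviour of those three rules concrete, here is an added simulation (not part of the original post, and not iptables code) that models the `recent` match the way the rules use it: `--set` records the source address with a timestamp, and `--rcheck --seconds 160` matches only if that address is listed and its most recent hit is at most 160 seconds old. The constructed traffic below walks a scanner, a legitimate knocker, an expired knock and a second host through the same chain; the host names, addresses and timings are made up for the example.

```python
"""Simulation of the single-knock iptables ruleset (added example, not the
post's own code).  Models `-m recent --set` / `--rcheck --seconds N`.
"""
from dataclasses import dataclass, field

KNOCK_PORT = 65432      # port that must be hit first (from the post)
PROTECTED_PORT = 22     # SSH, the port being guarded (from the post)
WINDOW_SECONDS = 160    # --seconds value from the post


@dataclass
class Packet:
    src: str
    dport: int
    syn: bool = True      # True for a new-connection SYN, False for mid-stream packets
    t: float = 0.0        # arrival time in seconds (constructed clock)


@dataclass
class RecentList:
    """Models one named `-m recent` list (the 'tuktuk' list from the post)."""
    name: str
    last_seen: dict = field(default_factory=dict)

    def set(self, src: str, now: float) -> None:
        # --set: add the address, or refresh its timestamp if already listed
        self.last_seen[src] = now

    def rcheck(self, src: str, now: float, seconds: int) -> bool:
        # --rcheck --seconds N: match if listed and last hit is within N seconds.
        # Unlike --update, rcheck does not refresh the timestamp.
        if src not in self.last_seen:
            return False
        return now - self.last_seen[src] <= seconds


def filter_input(pkt: Packet, tuktuk: RecentList) -> str:
    """Walk the three INPUT rules in order and return the verdict.

    'PASS' means none of the three rules gave a verdict and the packet
    continues down the chain (to an ESTABLISHED accept rule, the policy,
    etc.).  That is what happens to the knock packet itself, because rule 1
    has no -j, and to all non-SYN traffic, because rules 2 and 3 use --syn.
    """
    # Rule 1: -p tcp --dport 65432 -m recent --set --name tuktuk   (no target)
    if pkt.dport == KNOCK_PORT:
        tuktuk.set(pkt.src, pkt.t)
    # Rule 2: -p tcp --syn --dport 22 -m recent --rcheck --seconds 160 -j ACCEPT
    if pkt.syn and pkt.dport == PROTECTED_PORT and tuktuk.rcheck(pkt.src, pkt.t, WINDOW_SECONDS):
        return "ACCEPT"
    # Rule 3: -p tcp --syn --dport 22 -j DROP
    if pkt.syn and pkt.dport == PROTECTED_PORT:
        return "DROP"
    return "PASS"


def run_scenario(packets):
    tuktuk = RecentList("tuktuk")
    return [(p.src, p.dport, p.t, filter_input(p, tuktuk)) for p in packets]


# Constructed traffic (addresses from documentation ranges, times invented).
SAMPLE_TRAFFIC = [
    Packet("203.0.113.9", 22, t=0),                 # scanner, never knocked  -> DROP
    Packet("198.51.100.5", 65432, t=10),            # knock is recorded       -> PASS
    Packet("198.51.100.5", 22, t=12),               # 2 s after the knock     -> ACCEPT
    Packet("203.0.113.9", 22, t=15),                # list is per source addr -> DROP
    Packet("198.51.100.5", 22, t=200),              # 190 s > 160 s window    -> DROP
    Packet("198.51.100.5", 22, syn=False, t=500),   # mid-stream, not --syn   -> PASS
]


def verdicts():
    """Verdicts for SAMPLE_TRAFFIC, in order."""
    return [row[3] for row in run_scenario(SAMPLE_TRAFFIC)]


if __name__ == "__main__":
    for src, dport, t, verdict in run_scenario(SAMPLE_TRAFFIC):
        print(f"t={t:>5} {src:<14} dport={dport:<5} -> {verdict}")
```

Two things the simulation makes visible that are worth checking on a real box: the rules are appended with `-A`, so any earlier rule that already accepts port 22 (or accepts the knock port, letting the knock connection complete and linger) will sit in front of them and defeat the scheme; and only SYN packets are filtered, so an already ESTABLISHED session survives the window expiring, while a fresh connection after 160 seconds needs a new knock. The rules also live only in the running kernel, so they must be saved with the distribution's usual mechanism to survive a reboot.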
Want to be able to connect from anywhere, while at the same time not letting anyone else connect to your important port?
Use it!