Stopping script-kiddies using iptables
Recently this server has become the victim of some very amateurish script kiddies running brute-force common-username/dictionary attacks.
Here are a couple of ideas for stopping the noise.
# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 4 -j DROP
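The first line basically says "add this source IP to a 'recent' list", so it builds a dynamic list of IP addresses opening new connections to port 22. The second line says that if a source IP in the 'recent' list has hit port 22 four times within 120 seconds, any subsequent new connection packets from that IP are dropped. Because -I inserts at the top of the chain, the second rule ends up ahead of the first and is checked before the source is recorded.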
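To see which attempts the two rules above let through, here is a small simulation, added as an example and not part of the original post. It is a simplified model of the documented 'recent' match behaviour, not iptables itself; the function name and the sample addresses (documentation ranges) are constructed for illustration.

```python
# Added illustration: simplified model of the two rules, not iptables itself.
# Assumption: the kernel's per-entry timestamp cap is ignored (irrelevant at hitcount 4).
from collections import defaultdict

SECONDS = 120   # --seconds 120
HITCOUNT = 4    # --hitcount 4


def simulate(attempts):
    """attempts: (time_in_seconds, source_ip) pairs for NEW packets to port 22,
    in time order. Returns one verdict per attempt: 'PASS' or 'DROP'."""
    recent = defaultdict(list)   # the 'recent' list: source IP -> timestamps
    verdicts = []
    for now, src in attempts:
        stamps = recent[src]
        hits = sum(1 for t in stamps if now - t <= SECONDS)
        # Checked first, because -I put it at the top of the chain:
        #   -m recent --update --seconds 120 --hitcount 4 -j DROP
        if hits >= HITCOUNT:
            stamps.append(now)   # --update refreshes the entry when it matches
            verdicts.append("DROP")
            continue
        # Otherwise the packet reaches the --set rule, which records the
        # source and lets the packet continue down the chain.
        stamps.append(now)
        verdicts.append("PASS")
    return verdicts


if __name__ == "__main__":
    attacker, admin = "203.0.113.7", "198.51.100.9"   # constructed sample sources
    # Fast guessing: four attempts get through, the rest are dropped.
    print(simulate([(t, attacker) for t in (0, 5, 10, 15, 20, 25)]))
    # Retrying every 30 s keeps refreshing the entry, so the block never lifts.
    print(simulate([(t, attacker) for t in range(0, 601, 30)]))
    # Going quiet for more than 120 s clears the window again.
    print(simulate([(t, attacker) for t in (0, 1, 2, 3, 4, 200)]))
    # An administrator logging in every few minutes is never affected.
    print(simulate([(t, admin) for t in (0, 300, 600)]))
```

With this rule order a source gets four new connections per window; the fifth and later ones are dropped, and each dropped attempt extends the block.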