Something I found on the list:
I assume you’re looking for the “recent” module for iptables.
# Blocking ssh attacks
/usr/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
/usr/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j LOG --log-prefix 'SSH attack: '
/usr/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j REJECT
This will block all further syns from an IP address starting on the
sixth port 22 connection within 60 seconds. It takes 60 seconds of
absolute quiet from that same ip address (or a reboot) to make the
block go away. Kills a LOT of brute force ssh attacks. I’ve also
used this both against web statistics spammers and email DOSers with
good results.
http://lists.opensuse.org/opensuse-security/2005-12/msg00069.html
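
An added example, not part of the quoted mailing-list post: a shell function that summarises, per source address, the kernel log lines written by the LOG rule above, keyed on its 'SSH attack: ' prefix. The log lines are constructed samples with abridged netfilter LOG fields and documentation address ranges; the function names and the traditional syslog timestamp layout are assumptions.

```shell
#!/bin/sh
# Added example: per-source summary of the kernel log lines written by the
# LOG rule with the 'SSH attack: ' prefix.

# Constructed sample syslog lines (abridged netfilter LOG fields,
# documentation address ranges), not real data.
sample_log() {
cat <<'EOF'
Dec 14 03:12:01 gw kernel: SSH attack: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 SYN URGP=0
Dec 14 03:12:04 gw kernel: SSH attack: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4243 DF PROTO=TCP SPT=51516 DPT=22 WINDOW=5840 SYN URGP=0
Dec 14 03:12:05 gw sshd[811]: Accepted publickey for admin from 192.0.2.50 port 40022 ssh2
Dec 14 03:12:09 gw kernel: SSH attack: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4244 DF PROTO=TCP SPT=51520 DPT=22 WINDOW=5840 SYN URGP=0
Dec 14 03:13:30 gw kernel: FW drop: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 LEN=60 TTL=60 ID=77 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN URGP=0
Dec 14 03:15:40 gw kernel: SSH attack: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=47 ID=9001 DF PROTO=TCP SPT=33822 DPT=22 WINDOW=5840 SYN URGP=0
EOF
}

# Read syslog text on stdin and print one tab-separated line per source:
#   hits <TAB> source <TAB> first seen <TAB> last seen
# Busiest source first. Lines without the rule's log prefix are ignored.
ssh_attack_summary() {
    awk -v prefix='SSH attack: ' '
        index($0, prefix) {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { src = substr($i, 5); break }
            if (src == "") next
            ts = $1 " " $2 " " $3          # month, day, time
            if (!(src in hits)) first[src] = ts
            hits[src]++
            last[src] = ts
        }
        END {
            for (s in hits)
                printf "%d\t%s\t%s\t%s\n", hits[s], s, first[s], last[s]
        }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

sample_log | ssh_attack_summary
```

On a live host, pipe the file your syslog daemon writes kernel messages to into `ssh_attack_summary` instead of `sample_log`.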