Skip to content

Instantly share code, notes, and snippets.

@krono
Last active November 21, 2016 22:55
Show Gist options
  • Save krono/9e22b571472ba8ff0a940156d6480e63 to your computer and use it in GitHub Desktop.
Save krono/9e22b571472ba8ff0a940156d6480e63 to your computer and use it in GitHub Desktop.
Ban everyone who tries SSH (inspiration: http://huschi.net/14_360_de-portscan-honeypot-mit-iptables.html )
#!/bin/sh
PORT=22
TIMEOUT=600
for IPTABLE in iptables ip6tables; do
case "${IPTABLE}" in
iptables) LOCALHOST="127.0.0.1";;
ip6tables) LOCALHOST="::1";;
esac
${IPTABLE} -L ssh-honeypot 2>/dev/null >/dev/null && continue
${IPTABLE} -N ssh-honeypot
${IPTABLE} --insert INPUT ! --source "${LOCALHOST}" --jump ssh-honeypot
${IPTABLE} --append ssh-honeypot --match recent --update --seconds $TIMEOUT --name ssh-fraudster -j DROP
${IPTABLE} --append ssh-honeypot --protocol tcp --match tcp --destination-port $PORT --match recent --name ssh-fraudster --set --jump LOG --log-prefix "[SSH-HONEYPOT on -- $PORT] " --log-level 6 --log-ip-options
${IPTABLE} --append ssh-honeypot --protocol tcp --match tcp --destination-port $PORT --match recent --name ssh-fraudster --set --jump DROP
${IPTABLE} --append ssh-honeypot --jump RETURN
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment