BASICS:

Please read our previous article on DoS attacks first; then it will be worth reading this one. You can also read about SSH port forwarding.

In this tutorial, we will try to protect our SSH server (localhost) from brute-force attacks.

For this, we will need a tool called fail2ban. It is an open-source tool that works with the firewall: it watches log files for repeated failures and bans the offending IP addresses. I am using Kali Linux for this tutorial. By the way, this tutorial may not work on CentOS.

FAIL2BAN INSTALLATION & SETUP:

step.1

Fire up your Kali Linux terminal and type this command to install fail2ban:

apt-get install fail2ban

step.2

Now that your system has fail2ban, we can set it up to prevent brute-force attacks on the SSH service.

fail2ban uses a configuration file called jail.conf.

You can find it in /etc/fail2ban.

Rather than editing it directly, we will copy it to a jail.local file; settings in jail.local override those in jail.conf.

Type this command to copy jail.conf to jail.local:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

step.3

Now we will open the jail.local file to edit it:

leafpad /etc/fail2ban/jail.local

step.4

The jail.local file has settings such as ignoreip, bantime and maxretry.

Edit ignoreip: first remove the # mark at the start of the line, then add your local IP, for example 192.168.12.1. Addresses listed in ignoreip are never banned.

(Use ifconfig to find your IP.)

You can edit the rest of these settings too, but for now let's keep them the same.
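
Added example (not part of the original tutorial, and not fail2ban's own code): a small Python simulation of how ignoreip, maxretry and bantime decide which addresses get banned. The log lines are constructed; findtime is fail2ban's counting-window setting, which the tutorial does not mention, and the numeric values are assumptions chosen for the demonstration.

```python
import ipaddress, re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation addresses plus the tutorial's 192.168.12.1).
SAMPLE_LOG = """\
Mar 10 10:00:01 kali sshd[811]: Failed password for root from 203.0.113.7 port 40110 ssh2
Mar 10 10:00:03 kali sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 10 10:00:04 kali sshd[815]: Failed password for root from 192.168.12.1 port 51000 ssh2
Mar 10 10:00:05 kali sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar 10 10:00:06 kali sshd[815]: Failed password for root from 192.168.12.1 port 51002 ssh2
Mar 10 10:00:07 kali sshd[815]: Failed password for root from 192.168.12.1 port 51004 ssh2
Mar 10 10:00:09 kali sshd[820]: Accepted password for alice from 198.51.100.20 port 50022 ssh2
Mar 10 10:20:00 kali sshd[830]: Failed password for root from 198.51.100.9 port 41000 ssh2
Mar 10 10:40:00 kali sshd[831]: Failed password for root from 198.51.100.9 port 41002 ssh2
Mar 10 11:00:00 kali sshd[832]: Failed password for root from 198.51.100.9 port 41004 ssh2
"""
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def is_ignored(ip, ignoreip):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignoreip)

def simulate(log, ignoreip=("127.0.0.1/8",), maxretry=3, findtime=600, bantime=600):
    """Return {ip: (ban_start, ban_end)} for a jail with these settings."""
    recent = defaultdict(deque)    # ip -> failure timestamps still inside findtime
    bans = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m or is_ignored(m.group(2), ignoreip):
            continue               # not a failure, or whitelisted: never counted
        stamp, ip = m.groups()
        ts = datetime.strptime("2024 " + stamp, "%Y %b %d %H:%M:%S")  # syslog has no year; 2024 is assumed
        if ip in bans and ts < bans[ip][1]:
            continue               # ban still active
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()       # failures older than findtime no longer count
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG, ignoreip=("127.0.0.1/8", "192.168.12.1")).items():
        print(f"ban {ip} {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With 192.168.12.1 in ignoreip only 203.0.113.7 is banned; without it, 192.168.12.1 is banned as well, which matters when you test from the same address you whitelisted.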

ATTACK:

We will use hydra to perform a brute-force attack on our SSH server. But first, we will start our SSH server with this command:

service ssh start

Now we need to start the fail2ban service:

service fail2ban start

Our prevention work is done. Now we will attack our own server (localhost).

The brute-force attack requires a wordlist. If you don't have a wordlist you can download it from here.

 

Before starting our attack, we will open a status window that shows the state of the ssh jail, including any banned IPs:

fail2ban-client status ssh

 

Start the attack with this command:

hydra  -L <wordlist> -P <wordlist> <ip of ssh server> ssh

Now look at the status window and check whether it shows the failed attempts or a banned IP.

Thanks for Visiting.
