OpenSSH -- a way to block recurrent login failures?

From: Victor Danilchenko (danilche_at_cs.umass.edu)
Date: 09/21/04

    Date: Tue, 21 Sep 2004 10:02:22 -0400 (EDT)
    To: secureshell@securityfocus.com
    
    

    Hi,

    We are looking for a way to temporarily block hosts from which
    we receive a given number of sequential failed login attempts, not
    necessarily within the same SSH session (so MaxAuthTries is not enough).
    The best solution I could come up with so far would be to run OpenSSH
    through TCPWrappers, and set up a log watcher daemon which would edit
    /etc/hosts.deny on the fly based on the tracked number of failed logins
    for each logged host.

    Is there a better solution known for the sort of problems we
    have been plagued with lately -- repeated brute-force crack attempts
    from remote hosts? I looked on FreshMeat and I searched the mailing
    lists, only to come up empty-handed.

    Thanks in advance,

    -- 
    |  Victor  Danilchenko  +---------------------+
    | danilche@cs.umass.edu | He who laughs last, |
    |   CSCF   |   5-4231   | thinks slowest.     |
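
The log-watcher idea described in the message above, as an added example that is not part of the original post: it counts consecutive failed logins per host across sessions, resets on a successful login, and produces temporary `/etc/hosts.deny` entries. The class name, the threshold and block duration, the IPv4-only restriction and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re

# Anchored at end of line: the user name is attacker-controlled and can contain
# " from 192.0.2.1 port 22", so only the final "from <addr> port <n>" is trusted.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) \S+ for .* from (\S+) port \d+(?: ssh\d*)?\s*$")

class FailureTracker:
    def __init__(self, threshold=3, block_seconds=600):  # assumed policy values
        self.threshold, self.block_seconds = threshold, block_seconds
        self.failures = {}  # host -> consecutive failures, across sessions
        self.blocked = {}   # host -> time (seconds) at which the block expires

    def feed(self, now, line):
        m = SSHD_RE.search(line)
        if not m:
            return
        outcome, host = m.groups()
        try:
            host = str(ipaddress.IPv4Address(host))  # IPv4 literals only (assumption)
        except ValueError:
            return
        if outcome == "Accepted":
            self.failures.pop(host, None)  # a success ends the sequence
            return
        self.failures[host] = self.failures.get(host, 0) + 1
        if self.failures[host] >= self.threshold:
            self.blocked[host] = now + self.block_seconds
            del self.failures[host]

    def hosts_deny(self, now):
        """Lines to write to /etc/hosts.deny at time `now`; expired blocks drop out."""
        self.blocked = {h: t for h, t in self.blocked.items() if t > now}
        return [f"sshd: {h}" for h in sorted(self.blocked)]

# Constructed sample log (documentation addresses), one line per second.
SAMPLE = """\
Sep 21 09:58:01 gw sshd[101]: Failed password for root from 203.0.113.9 port 4001 ssh2
Sep 21 09:58:02 gw sshd[102]: Failed password for illegal user test from 203.0.113.9 port 4002 ssh2
Sep 21 09:58:03 gw sshd[103]: Failed password for victor from 198.51.100.7 port 5001 ssh2
Sep 21 09:58:04 gw sshd[104]: Accepted password for victor from 198.51.100.7 port 5002 ssh2
Sep 21 09:58:05 gw sshd[105]: Failed password for illegal user a from 198.51.100.7 port 22 ssh2 from 203.0.113.9 port 4003 ssh2
""".splitlines()

def run_sample():
    tracker = FailureTracker()
    for second, line in enumerate(SAMPLE):
        tracker.feed(second, line)
    return tracker

if __name__ == "__main__":
    print("\n".join(run_sample().hosts_deny(now=5)))
```

The last sample line carries a user name crafted to look like a failure from 198.51.100.7; because the pattern is anchored at the end of the line, the failure is charged to the real source address and the legitimate host is not blocked.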
    
