Re: OpenSSH -- a way to block recurrent login failures?

From: Alpt (alpt_at_freaknet.org)
Date: 09/21/04

  • Next message: Greg Waltz: "Replacing User Authentication Method (with version)"
    Date: Tue, 21 Sep 2004 22:44:41 +0200
    To: Victor Danilchenko <danilche@cs.umass.edu>
    
    
    

    On Tue, Sep 21, 2004 at 10:02:22AM -0400, Victor Danilchenko after a spiritual call wrote :
    ~> Hi,
    ~>
    ~> We are looking for a way to temporarily block hosts from which
    ~> we receive a given number of sequential failed login attempts, not
    ~> necessarily within the same SSH session (so MaxAuthTries is not enough).
    ~> The best solution I could come up with so far would be to run OpenSSH
    ~> through TCPWrappers, and set up a log watcher daemon which would edit
    ~> /etc/hosts.deny on the fly based on the tracked number of failed logins
    ~> for each logged host.
    ~>
    ~> Is there a better solution known for the sort of problems we
    ~> have been plagued with lately -- repeated brute-force crack attempts
    ~> from remote hosts? I looked on FreshMeat and I searched the mailing
    ~> lists, only to come up empty-handed.
    ~>

    Please take a look at:
    http://www.freaknet.org/alpt/src/Openssh-UlDoS/sa200409-19.txt
    With a few changes in the patch your problem will be solved.

    Best Regards

    -- 
    :wq!
    "I don't know nothing" The One Who reached the Thinking Matter   '.'
    [ Alpt --- Freaknet Medialab ]
    [ GPG Key ID 441CF0EE ]
    [ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]
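The log-watcher approach from the quoted question, as an added example that is not part of the original thread or of the patch Alpt links to: it counts sequential failed logins per source address across sessions and formats /etc/hosts.deny entries for the offenders. The function names, threshold, allowlist parameter and sample log lines are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Greedy ".*" plus the "$" anchor take the address from the END of the line,
# so a crafted user name containing " from 198.51.100.7 port 1 ssh2" cannot
# get a third party blocked.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: ssh\d)?$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+(?: ssh\d)?$")

# Constructed sample log lines (documentation addresses), not from a real host.
SAMPLE_LOG = """\
Sep 21 10:00:01 gw sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Sep 21 10:00:03 gw sshd[4102]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Sep 21 10:00:04 gw sshd[4103]: Failed password for victor from 203.0.113.5 port 51000 ssh2
Sep 21 10:00:06 gw sshd[4104]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 192.0.2.10 port 40114 ssh2
Sep 21 10:00:09 gw sshd[4105]: Accepted password for victor from 203.0.113.5 port 51001 ssh2
Sep 21 10:00:12 gw sshd[4106]: Failed password for victor from 203.0.113.5 port 51002 ssh2
"""

def hosts_to_block(lines, threshold=3, allowlist=()):
    """Return addresses that reached `threshold` consecutive failed logins."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    streak, blocked = defaultdict(int), set()
    for line in lines:
        line = line.rstrip()
        failed = FAILED.search(line)  # checked first: a failure always counts
        match = failed or ACCEPTED.search(line)
        if not match:
            continue
        try:
            host = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an IP literal: never pass unvalidated text to hosts.deny
        streak[host] = streak[host] + 1 if failed else 0  # success ends the sequence
        if streak[host] >= threshold and host not in allowed:
            blocked.add(host)
    return sorted(blocked, key=str)

def deny_lines(hosts):
    """Format addresses as hosts.deny entries for sshd (IPv6 goes in brackets)."""
    return ["sshd: " + (f"[{h}]" if h.version == 6 else str(h)) for h in hosts]

if __name__ == "__main__":
    for entry in deny_lines(hosts_to_block(SAMPLE_LOG.splitlines())):
        print(entry)
```

Put the administrators' own addresses in the allowlist so a run of mistyped passwords cannot lock them out.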
    
    


