Re: OpenSSH -- a way to block recurrent login failures?

From: Alpt (alpt_at_freaknet.org)
Date: 09/21/04

  • Next message: Greg Waltz: "Replacing User Authentication Method (with version)" 
    Date: Tue, 21 Sep 2004 22:44:41 +0200
To: Victor Danilchenko <danilche@cs.umass.edu>

    On Tue, Sep 21, 2004 at 10:02:22AM -0400, Victor Danilchenko after a spiritual call wrote :
    ~> Hi,
    ~>
    ~> We are looking for a way to temporarily block hosts from which
    ~> we receive a given number of sequential failed login attempts, not
    ~> necessarily within the same SSH session (so MaxAuthTries is not enough).
    ~> The best solution I could come up with so far would be to run OpenSSH
    ~> through TCPWrappers, and set up a log watcher daemon which would edit
    ~> /etc/hosts.deny on the fly based on the tracked number of failed logins
    ~> for each logged host.
    ~>
    ~> Is there a better solution known for the sort of problems we
    ~> have been plagued with lately -- repeated brute-force crack attempts
    ~> from remote hosts? I looked on FreshMeat and I searched the mailing
    ~> lists, only to come up empty-handed.
    ~>

    Please take a look at:
    http://www.freaknet.org/alpt/src/Openssh-UlDoS/sa200409-19.txt
    With a few changes in the patch your problem will be solved.

    Best Regards 

    -- 
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'
[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]

  • Next message: Greg Waltz: "Replacing User Authentication Method (with version)"

    Relevant Pages