Re: Banning SSH attackers
From: Nate Smith (nate_at_thebackrow.net)
Date: 10/21/05
- Previous message: Tay, Gary: "RE: Putty/OpenSSH Public key auth"
- In reply to: Paul Berube: "Banning SSH attackers"
- Next in thread: Ben Ford: "Re: Banning SSH attackers"
Date: Fri, 21 Oct 2005 12:12:09 -0700
To: Paul Berube <stazz@shaw.ca>
On Thu, Oct 20, 2005 at 11:42:24AM -0600, Paul Berube wrote:
> What I'd like is a system configuration where I just drop all packets
> from hosts that cause one of these messages for the next, say, 5 min.
> This way, a login failure from a legitimate user is not a catastrophic
> event for them, but greatly limits the ability of attackers to hammer on
I didn't find anything to do this either, so I wrote it a while back.
Meant to post it on freshmeat but didn't get time to.
The firewall rules are written for Linux/iptables, so you can easily
adjust them for other systems; feel free to send me patches.
-nate
- text/x-perl attachment: tailauth_dist.pl
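
An added example, not the attached tailauth_dist.pl or any code from this thread: one way to turn sshd login-failure lines into five-minute iptables DROP rules, as the quoted request describes. The syslog line layout, the `BanTracker` class and the sample addresses used with it are assumptions; the iptables commands are returned as strings rather than executed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

BAN_FOR = timedelta(minutes=5)  # the "say, 5 min" from the quoted request

# Assumed syslog/OpenSSH line layout (the thread does not show the messages).
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
# The user name is remote-supplied text, so anchor at end of line and let the
# name match greedily: only the final "from <addr> port <n> ssh2", which sshd
# itself appends, is trusted as the source address.
FAILED = re.compile(r"^Failed password for .* from (\S+) port \d+ ssh2$")


class BanTracker:
    def __init__(self, year):
        self.year = year  # syslog timestamps carry no year
        self.bans = {}    # address -> time the ban ends

    def expire(self, now):
        """Return delete commands for every ban that has run its 5 minutes."""
        done = [a for a, until in self.bans.items() if until <= now]
        for addr in done:
            del self.bans[addr]
        return [f"iptables -D INPUT -s {a} -j DROP" for a in done]

    def feed(self, line):
        """Return the iptables commands that one log line should trigger."""
        m = LINE.match(line.rstrip("\n"))
        if not m:
            return []
        now = datetime.strptime(f"{self.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        cmds = self.expire(now)
        hit = FAILED.match(m.group(2))
        if not hit:
            return cmds
        try:
            addr = str(ipaddress.IPv4Address(hit.group(1)))
        except ValueError:
            return cmds  # never put unvalidated log text into a firewall command
        if addr not in self.bans:
            cmds.append(f"iptables -I INPUT -s {addr} -j DROP")
        self.bans[addr] = now + BAN_FOR  # a repeat failure restarts the clock
        return cmds
```

A live tailer would also call `expire()` on a timer, since here bans are lifted only when another sshd line arrives.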