Re: Stopping Brute Force SSH Attacks
From: Dimitri Maziuk (dima_at_127.0.0.1)
Date: 10/14/04
- Previous message: all mail refused: "Re: Stopping Brute Force SSH Attacks"
- In reply to: John: "Stopping Brute Force SSH Attacks"
- Next in thread: Bill Unruh: "Re: Stopping Brute Force SSH Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Oct 2004 23:15:10 +0000 (UTC)
John sez:
> In an attempt to deter the brute force ssh attacks I have been seeing
> recently, I was wondering if any of the following are possible:
>
> - If a login attempt fails, block the incoming IP address for X
> minutes.
Bad unless you disable password authentication first: people
mistype passwords all the time.
Once you're rid of password-based logins, you can tail the log
and look for "password for <user> from <ip>". A script to add
<ip> to /etc/hosts.deny and/or firewall rules should be easy
enough to write; however, don't blame me when it firewalls
your machine completely off the net (while you're away on
vacation, of course) because
a) you fscked it up, or
b) someone figured out how to DoS it with spoofed IP addresses
(pick any two).
Dima
-- The most horrifying thing about Unix is that, no matter how many times you hit yourself over the head with it, you never quite manage to lose consciousness. It just goes on and on. -- Patrick Sobalvarro
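The log-scanning step described in the message above, as an added example that is not part of the original post: it counts failed-password lines per source address, skips an allowlist so the admin's own network is never denied, and produces /etc/hosts.deny entries. The sshd line layout, the threshold, the allowlisted networks and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Anchored at the end of the line so only the address sshd itself appended is
# used; free text in the user field cannot stand in for the source IP.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh\d)?\s*$"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Oct 13 23:01:02 host sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
Oct 13 23:01:04 host sshd[412]: Failed password for illegal user admin from 203.0.113.7 port 4102 ssh2
Oct 13 23:01:07 host sshd[413]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.7 port 4103 ssh2
Oct 13 23:02:10 host sshd[420]: Failed password for alice from 192.0.2.44 port 5001 ssh2
Oct 13 23:02:15 host sshd[421]: Accepted publickey for alice from 192.0.2.44 port 5002 ssh2
Oct 13 23:03:00 host sshd[430]: Failed password for root from 192.0.2.200 port 6001 ssh2
Oct 13 23:03:01 host sshd[431]: Failed password for root from 192.0.2.200 port 6002 ssh2
Oct 13 23:03:02 host sshd[432]: Failed password for root from 192.0.2.200 port 6003 ssh2
"""

def offenders(lines, threshold=3, allow=("127.0.0.0/8",)):
    """Return sorted source IPs with at least `threshold` failures, minus the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address (hostname or garbage): never deny on it
        if any(ip in net for net in nets):
            continue  # allowlisted network (assumed admin range): never deny
        counts[ip] += 1
    return sorted(str(ip) for ip, n in counts.items() if n >= threshold)

def hosts_deny_entries(ips):
    """Format addresses as TCP-wrappers lines for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    found = offenders(SAMPLE_LOG.splitlines(), allow=("127.0.0.0/8", "192.0.2.128/25"))
    print("\n".join(hosts_deny_entries(found)))
```

The threshold covers the mistyped-password case raised in the reply, and the allowlist covers locking yourself out; entries are only printed here, so appending them to /etc/hosts.deny stays a separate, reviewable step.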