[nycbug-talk] Fwd: Stopping SSH dictionary attacks?
G. Rosamond
george
Tue Dec 21 15:15:04 EST 2004
Begin forwarded message:
> From: "Juan J. Martinez" <reidrac at usebox.net>
> Date: December 21, 2004 1:14:29 PM EST
> To: misc at openbsd.org
> Subject: Re: Stopping SSH dictionary attacks?
>
>> One solution I'm considering is writing a script that parses authlog
>> every hour or so and adds any IPs with more than x failed login
>> attempts to ipcop/etc/hosts_deny, am I on the right track with this
>> (has someone already done it - I'm a big fan of not re-inventing the
>> wheel)?
>
> Actually I've done this... however I think its usefulness is limited
> (ie. scans from the same IP in different days are rare), but was fun
> to code.
>
> You can check it at (the package is ssh_blocker):
> http://blackshell.usebox.net/pub/shell/
>
> Juanjo
>
> --
> Desarrollo y Sistemas: http://usebox.net/
> P?gina personal: http://usebox.net/jjm/
>
>
This may be relevant to some earlier discussions about openssh security
and brute force/dictionary attacks.
g
More information about the talk
mailing list