[nycbug-talk] Fwd: Stopping SSH dictionary attacks?
Tue Dec 21 15:53:16 EST 2004
i have been getting abused quite regularly....
of course this is just a home box with nothing relevant on it.
but my ssh and ftp (purposely anonymous) have been
getting abused the day after i opened the ports.
i mostly use it to test snort sigs.
On Tue, 21 Dec 2004 15:15:04 -0500, G. Rosamond <george at sddi.net> wrote:
> Begin forwarded message:
> > From: "Juan J. Martinez" <reidrac at usebox.net>
> > Date: December 21, 2004 1:14:29 PM EST
> > To: misc at openbsd.org
> > Subject: Re: Stopping SSH dictionary attacks?
> >> One solution I'm considering is writing a script that parses authlog
> >> every hour or so and adds any IPs with more than x failed login
> >> attempts to ipcop/etc/hosts_deny, am I on the right track with this
> >> (has someone already done it - I'm a big fan of not re-inventing the
> >> wheel)?
> > Actually I've done this... however I think its usefulness is limited
> > (ie. scans from the same IP in different days are rare), but was fun
> > to code.
> > You can check it at (the package is ssh_blocker):
> > http://blackshell.usebox.net/pub/shell/
> > Juanjo
> > --
> > Desarrollo y Sistemas: http://usebox.net/
> > P?gina personal: http://usebox.net/jjm/
> This may be relevant to some earlier discussions about openssh security
> and brute force/dictionary attacks.
> % NYC*BUG talk mailing list
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
More information about the talk