[nycbug-talk] Analyzing malicious SSH login attempts
chsnyder at gmail.com
Tue Sep 12 14:54:20 EDT 2006
On 9/12/06, Jeff Quast <af.dingo at gmail.com> wrote:
> There is a trivial solution for blocking hosts that connect too many
> times, http://www.openbsd.org/faq/pf/filter.html#stateopts
> Hasn't made it to freebsd yet, of course,
Or to Linux. Or to OSX.
> I think parsing logs and injecting rules is just plain ridiculous.
> Especialy using 3rd party languages not native to your OS. Its just
> more custom stuff to re-implement on the next os rebuild.
Look, I know it's ridiculous, but it's also more portable (for now) than pf.
> I just felt the need to reply to the line that this is OpenSSH's
> responsability to deal with. It made me mad. They do a great job
> dealing with this issue in the place it is meant to be dealt with.
It may not be the developer's responsibility to implement such a
feature, but I feel no qualms about wishing that they would. Sshd is
in a very good place to prevent this kind of abuse, and it could be
prevented in a way that isn't OS and firewall dependent.
More information about the talk