[nycbug-talk] Analyzing malicious SSH login attempts
Trish Lynch
trish at bsdunix.net
Tue Sep 12 15:37:11 EDT 2006
On Tue, 12 Sep 2006, csnyder wrote:
>
> I really wish the OpenSSH developers would address this issue in the
> server itself, by giving admins a lockout setting. I see absolutely no
> reason why hundreds of failed login attempts from the same IP address
> should be permitted as if it was standard procedure.
>
I 100% agree with this, it's frustrating to have to rely upon self-made
scripts and third-party apps to get OpenSSH to do what it should, which is
lock out an IP/username after a certain amount of failed logins. It's not
too hard to implement, and I'm sure we're not the only ones asking for it.
> Anyway, I use a php script that scans the log for multiple failed
> logins from a single IP, then sets a temporary firewall rule blocking
> access from that address.
>
Yes, there are plenty of "log watcher" type programs out there, but why
not build this functionality within the daemon itself? Many other daemons
have it....
-Trish
--
Trish Lynch trish at bsdunix.net
Key fingerprint = 781D 2B47 AA4B FC88 B919 0CD6 26B2 1D62 6FC1 FF16
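
The approach csnyder describes above (scan the log for repeated failed logins from one IP, then block that address temporarily), sketched in Python as an added example; it is not csnyder's PHP script or anything posted in the thread. The log line format, threshold, window, block duration, host name and addresses are assumptions, and applying the returned block list to a firewall is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog format for OpenSSH password failures. The user name is
# attacker-controlled, so the address is taken from the END of the line:
# text like "from 192.0.2.1 port 1" typed as a user name cannot get an
# innocent address blocked.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[0-9A-Fa-f:.]+) port \d+(?: ssh2)?\s*$"
)

def find_offenders(lines, year, threshold=5, window=timedelta(minutes=10),
                   block_for=timedelta(hours=1)):
    """Return {ip: block_expiry} for IPs with >= threshold failures in window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocks = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            blocks[m["ip"]] = ts + block_for  # temporary, not permanent
    return blocks

# Constructed sample log: documentation addresses, hypothetical host "gw".
SAMPLE = [f"Sep 12 15:0{i}:11 gw sshd[100]: Failed password for root "
          "from 203.0.113.7 port 4000 ssh2" for i in range(4)]
SAMPLE += [
    # User name crafted to look like a failure from 192.0.2.1.
    "Sep 12 15:04:11 gw sshd[100]: Failed password for invalid user a "
    "from 192.0.2.1 port 1 ssh2 from 203.0.113.7 port 4000 ssh2",
    "Sep 12 15:05:00 gw sshd[101]: Failed password for alice "
    "from 198.51.100.9 port 5000 ssh2",
    "Sep 12 15:05:30 gw sshd[102]: Accepted password for alice "
    "from 198.51.100.9 port 5001 ssh2",
]

if __name__ == "__main__":
    for ip, until in find_offenders(SAMPLE, 2006).items():
        print(f"block {ip} until {until:%Y-%m-%d %H:%M:%S}")
```

A single mistyped password from 198.51.100.9 stays under the threshold, and the expiry time lets the caller drop the firewall rule once the block has lapsed.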