lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri Sep  2 10:53:18 2005
From: fractalg at highspeedweb.net (Pedro Hugo  )
Subject: SSH Bruteforce blocking script

Hi,

>I don't want to debate the goodness or badness of the strategy of
>blocking hosts like this in /etc/hosts.deny. It works perfectly for me,
>and most
>likely would for you, so no religious debates thanks. It's effective at
>blocking bruteforce attacks. If a host EXCEEDS a specified number of
>guesses
>during the (configurable) 30 seconds it takes the script to cycle, the
>host is blacklisted.
>

Why are you doing this the wrong way ? You should whitelist hosts, instead blacklisting them.
Unless you have administrative reasons for such decision, hosts.deny should be set to ALL:ALL, and you should allow specifically in hosts.allow.
This way everything is dropped by default. Tcpwrappers should be configured the same way a firewall is, unless there is something against  it. 
Even if you have customers who need remote access, adding a few ip's is much better than having open by default.
Kind Regards,
Pedro Hugo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ