| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200509020553.AA4522138@highspeedweb.net> Date: Fri Sep 2 10:53:18 2005 From: fractalg at highspeedweb.net (Pedro Hugo ) Subject: SSH Bruteforce blocking script Hi, >I don't want to debate the goodness or badness of the strategy of >blocking hosts like this in /etc/hosts.deny. It works perfectly for me, >and most >likely would for you, so no religious debates thanks. It's effective at >blocking bruteforce attacks. If a host EXCEEDS a specified number of >guesses >during the (configurable) 30 seconds it takes the script to cycle, the >host is blacklisted. > Why are you doing this the wrong way ? You should whitelist hosts, instead blacklisting them. Unless you have administrative reasons for such decision, hosts.deny should be set to ALL:ALL, and you should allow specifically in hosts.allow. This way everything is dropped by default. Tcpwrappers should be configured the same way a firewall is, unless there is something against it. Even if you have customers who need remote access, adding a few ip's is much better than having open by default. Kind Regards, Pedro Hugo
Powered by blists - more mailing lists