| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050902155535.GA25187@mckenzie.chia-pet.org> Date: Fri Sep 2 16:56:44 2005 From: miah at chia-pet.org (miah) Subject: SSH Bruteforce blocking script If you're running iptables why not make use of hashlimit? Once a limit is reached all connection attempts from that IP would be blocked until the hash entry expires. An example pulled from the web: iptables -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit \ 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state \ --state NEW -j ACCEPT https://www.redhat.com/archives/fedora-test-list/2005-August/msg00061.html http://tinyurl.com/94fak Also, don't forget to man iptables or iptables -m hashlimit -h -miah On Fri, Sep 02, 2005 at 07:33:02PM +0800, Michael L Benjamin wrote: > > > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Pedro > Hugo > Sent: Friday, 2 September 2005 05:53 PM > To: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] SSH Bruteforce blocking script > > Hi, > > >I don't want to debate the goodness or badness of the strategy of > >blocking hosts like this in /etc/hosts.deny. It works perfectly for me, > >and most > >likely would for you, so no religious debates thanks. It's effective at > >blocking bruteforce attacks. If a host EXCEEDS a specified number of > >guesses > >during the (configurable) 30 seconds it takes the script to cycle, the > >host is blacklisted. > >
Powered by blists - more mailing lists