| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jun 2010 12:33:12 -0400 From: Cody Robertson <cody@...khost.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: targetted SSH bruteforce attacks On 6/23/10 4:22 AM, yersinia wrote: > On Thu, Jun 17, 2010 at 4:21 PM, Samuel MartÃn Moro <faust64@...il.com>wrote: > >> >> I also don't want to change my ssh port, nor restrict incoming IPs, ... and >> I use keys only to log in without entering password. >> So you're not alone. >> I had my IP changed several times, my servers are only hosting personal >> data. >> But I'm still seeing bruteforce attemps in my logs. >> >> Here's something I use on my servers. >> In cron, every 5-10 minutes, that should do it. >> Of course, if you're running *BSD, pf is way more interesting to do that. >> >> Perhaps could be better to use something standard as fail2ban > > http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/? > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ If you have iptables it has ways you can do this throttle too many connections within a specified period. I much prefer using something such as this over third party software. I'm sure you can do this in PF however I'm not familiar with it enough to be certain (I'd be surprised if you couldn't however). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists