[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C223748.2060205@hawkhost.com>
Date: Wed, 23 Jun 2010 12:33:12 -0400
From: Cody Robertson <cody@...khost.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: targetted SSH bruteforce attacks
On 6/23/10 4:22 AM, yersinia wrote:
> On Thu, Jun 17, 2010 at 4:21 PM, Samuel MartÃn Moro <faust64@...il.com>wrote:
>
>>
>> I also don't want to change my ssh port, nor restrict incoming IPs, ... and
>> I use keys only to log in without entering password.
>> So you're not alone.
>> I had my IP changed several times, my servers are only hosting personal
>> data.
>> But I'm still seeing bruteforce attemps in my logs.
>>
>> Here's something I use on my servers.
>> In cron, every 5-10 minutes, that should do it.
>> Of course, if you're running *BSD, pf is way more interesting to do that.
>>
>> Perhaps could be better to use something standard as fail2ban
>
> http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/?
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
If you have iptables it has ways you can do this throttle too many
connections within a specified period. I much prefer using something
such as this over third party software.
I'm sure you can do this in PF however I'm not familiar with it enough
to be certain (I'd be surprised if you couldn't however).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists